@leanup/stack-webpack is using an old version of Webpack 5.75.0 and now there is a security update of webpack in a newer versions
I always see this error
Filename: webpack:4.46.0 | Reference: CVE-2023-28154 | CVSS Score: 9.8 | Category: CWE-noinfo | Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-28154 for details
@leanup/stack-webpack is using an old version of Webpack 5.75.0 and now there is a security update of webpack in a newer versions
I always see this error
Filename: webpack:4.46.0 | Reference: CVE-2023-28154 | CVSS Score: 9.8 | Category: CWE-noinfo | Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-28154 for details