WhisperX tag archive

#Webpack

This page collects WhisperX intelligence signals tagged #Webpack. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (18)

The Lab · 2026-03-26 09:27:10 · GitHub Issues

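1. CVE-2025-10437: Critical SQL Injection Vulnerability Found in Eksagate Webpack Management System (CVSS 9.8)

A critical SQL injection vulnerability (CVE-2025-10437) has been publicly identified in the 'Webpack Management System' from Eksagate Electronic Engineering and Computer Industry Trade Inc. The vulnerability has been assigned a CVSS rating of 9.8 and carries the risk that an attacker can access the system over the network without authentication and compromise the confidentiality, integrity, and availability of data at a high level. Versions of the software up to and including 19 November 2025 are confirmed to be affected. The technical cause of the vulnerability is 'SQL 명...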

The Lab · 2026-03-26 14:27:38 · GitHub Issues

2. Security Alert: High-Severity RCE Vulnerability in serialize-javascript Build Dependency

A high-severity Remote Code Execution (RCE) vulnerability has been identified in the `serialize-javascript` package, a transitive dependency for projects using `copy-webpack-plugin`. The vulnerability, tracked as GHSA-5c6j-r48x-rmvq, affects `serialize-javascript` versions 7.0.2 and earlier. While classified as a build...

The Lab · 2026-03-27 00:27:19 · GitHub Issues

3. Vulnerable Webpack Plugin Exposes DimaMend/V-Achilles Repository to 5 High-Severity Flaws

A critical security scan has flagged the `optimize-css-assets-webpack-plugin` version 6.0.1 as a vector for five distinct vulnerabilities within the DimaMend/V-Achilles GitHub repository. The most severe flaw carries a CVSS score of 7.5, indicating a high-risk exposure. The vulnerable library is directly integrated int...

The Lab · 2026-03-27 07:26:57 · GitHub Issues

4. High-Severity CVE-2026-33891 Detected in node-forge Library, Exposes Webpack & React Toolchains

A high-severity vulnerability, CVE-2026-33891, has been detected in the widely used `node-forge` JavaScript cryptography library, version 1.3.3. This flaw creates a direct security exposure within a critical dependency chain for modern web development, specifically impacting projects built with React and Webpack. The v...

The Lab · 2026-03-28 04:27:01 · GitHub Issues

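5. 23 Vulnerabilities Found in sw-precache-webpack-plugin 0.11.5, Highest Severity 9.8 [Exploitable]

A key Webpack plugin has been found to contain serious security vulnerabilities. In `sw-precache-webpack-plugin-0.11.5.tgz`, a security scan revealed 23 vulnerabilities, the highest severity score being 9.8 (CVSS v3), with some vulnerabilities flagged as "exploitable". The plugin is used to integrate Service Workers into the Webpack build process, and flaws in its dependency chain directly expose the applications that use it. The vulnerability details show that the problems lie mainly in transitive dependencies. For example, `minimist-1.2.0.tgz` has a critical vulnerability scored 9.8 (CVE-2021-44906), while `lodash.template-4.4.0.tgz` has another critical vulnerability scored 9.1...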

The Lab · 2026-04-09 01:27:07 · GitHub Issues

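6. terser-webpack-plugin 4.2.3 Reported with 14 Vulnerabilities, Highest Severity 8.8, Exploitable

A widely used component of the JavaScript build toolchain has been reported to contain serious security vulnerabilities. According to a GitHub dependency scan report, version 4.2.3 of `terser-webpack-plugin` contains 14 identified vulnerabilities, the highest severity score being 8.8 (CVSS), and is flagged as "exploitable". The plugin is a key dependency in the webpack ecosystem, used to minify and obfuscate front-end code, and its vulnerabilities may affect a large number of modern web application projects that rely on this toolchain. The report shows that the vulnerabilities are present in multiple dependency paths, including `/achilles-frontend/package.json` and `/baak-vizualization/package.json`. One of the high-severity vulnerabilities (CVE-2026-27904...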

The Lab · 2026-04-10 00:39:43 · GitHub Issues

7. Critical Supply Chain Risk: webpack-plugin-injector 1.0.6 Exposes Projects to 10 High-Severity Vulnerabilities

A critical security alert has been issued for the widely used `webpack-plugin-injector` npm package, version 1.0.6. The library contains 10 distinct vulnerabilities, with the highest severity rated a critical 9.8 on the CVSS scale. Crucially, these vulnerabilities are flagged as 'reachable,' meaning the exploitable cod...

The Lab · 2026-04-10 00:39:46 · GitHub Issues

8. Terser-Webpack-Plugin 4.2.3 Exposes Critical Supply Chain Risk with 15 Vulnerabilities

A widely used JavaScript build tool, terser-webpack-plugin version 4.2.3, has been flagged with 15 distinct vulnerabilities, including one rated with a critical CVSS score of 8.8. The security scan reveals a deeply embedded supply chain risk, as these flaws are not only present but are also classified as 'reachable,' m...

The Lab · 2026-04-10 00:39:51 · GitHub Issues

9. OpenTok Video Call Center: 27 Vulnerabilities in webpack-dev-server, Including Critical 8.6 CVSS Flaw

A critical security exposure has been identified within the OpenTok Video Call Center project. The repository's dependency on `webpack-dev-server-4.11.1.tgz` introduces 27 distinct vulnerabilities, with the highest severity scoring a dangerous 8.6 on the CVSS scale. This development server package, essential for updati...

The Lab · 2026-04-10 00:39:52 · GitHub Issues

10. Critical Security Flaw in webpack-bundle-analyzer 3.9.0: 6 Vulnerabilities, Including 9.8 CVSS Score, Found Reachable

A critical security exposure has been identified in the widely used `webpack-bundle-analyzer` version 3.9.0, with six distinct vulnerabilities flagged as reachable within the dependency chain. The most severe of these carries a maximum CVSS severity score of 9.8, indicating a critical risk that could allow for remote c...

The Lab · 2026-04-15 09:22:40 · GitHub Issues

11. Webpack 5.94.0 Patches Critical DOM Clobbering Flaw (CVE-2024-43788) Enabling XSS Attacks

A critical security vulnerability in Webpack, the ubiquitous JavaScript module bundler, has been patched in version 5.94.0. The flaw, tracked as CVE-2024-43788, is a DOM Clobbering weakness within Webpack's `AutoPublicPathRuntimeModule`. This vulnerability creates a pathway for cross-site scripting (XSS) attacks, poten...

The Lab · 2026-04-15 15:22:46 · GitHub Issues

12. Critical Security Flaw in webpack-dev-middleware Exposes Developer Machines to File Access

A severe vulnerability in the widely used webpack-dev-middleware package allows attackers to access any file on a developer's local machine. The flaw, tracked as CVE-2024-29180, stems from insufficient URL validation before the middleware returns a local file. This creates a direct path for unauthorized access to sensi...

The Lab · 2026-04-18 15:22:34 · GitHub Issues

13. Shopware Administration Exposed: Critical 9.8 CVSS Vulnerability in webpack-dev-server Dependency Chain

A critical security exposure has been identified within the Shopware 6 administration panel's build toolchain. The dependency `webpack-dev-server-3.11.3.tgz` introduces a chain of 42 vulnerabilities into the system, with the most severe flaw scoring a maximum 9.8 on the CVSS scale. This high-risk package is directly re...

The Lab · 2026-04-18 15:22:36 · GitHub Issues

14. Critical 9.8 CVSS Vulnerability in webpack-cli Dependency Chain Exposes Build Pipeline

A critical vulnerability with a maximum CVSS score of 9.8 has been flagged as reachable within the dependency chain of `webpack-cli-3.3.12.tgz`. The finding, identified as CVE-2022-37601, resides in the transitive dependency `loader-utils-1.4.0.tgz`. Its reachable status indicates the vulnerable code path is likely exp...

The Lab · 2026-04-18 15:22:39 · GitHub Issues

15. Critical 9.8-Severity Vulnerabilities Found in Shopware 6 Administration Build Chain via html-loader

A critical security exposure has been identified within the build chain of Shopware 6's administration interface. The flagged dependency, `html-loader-0.5.5.tgz`, contains seven vulnerabilities, with the most severe scoring a maximum 9.8 on the CVSS scale. This high-risk package is embedded in the Nuxt component librar...

The Lab · 2026-05-10 12:01:39 · GitHub Issues

16. Webpack 5.104.1 Patches SSRF Vulnerability in buildHttp allowedUris Bypass

A security-critical update to webpack addresses a vulnerability that could allow attackers to bypass URL allow-lists and trigger server-side request forgery (SSRF) during build processes. The patch, released as webpack version 5.104.1, resolves CVE-2025-68458 (GHSA-8fgc-7cc6-rx7x), which affects the experimental `build...

The Lab · 2026-05-12 15:48:24 · GitHub Issues

17. Webpack AutoPublicPathRuntimeModule DOM Clobbering Vulnerability Exposes Applications to XSS — CVE-2024-43788

A critical DOM Clobbering vulnerability has been identified in Webpack's `AutoPublicPathRuntimeModule`, potentially enabling Cross-Site Scripting (XSS) attacks in applications that rely on affected versions of the bundler. The flaw, tracked as CVE-2024-43788 and catalogued under GHSA-4vvj-4cpr-p986, affects webpack ver...

The Lab · 2026-05-13 03:48:21 · GitHub Issues

18. Critical DOM Clobbering XSS Vulnerability Found in Webpack 5 AutoPublicPathRuntimeModule — CVE-2024-43788

A significant security vulnerability has been identified in Webpack 5's `AutoPublicPathRuntimeModule`, exposing applications to Cross-Site Scripting (XSS) attacks through a technique known as DOM Clobbering. Tracked as CVE-2024-43788 and catalogued under GHSA-4vvj-4cpr-p986, the flaw affects all webpack versions up to ...