This security bulletin contains one medium risk vulnerability.
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions on cross-realm objects in ImportParserPlugin.js. A remote attacker who controls a property of an untrusted object can obtain access to the real global object.Mitigation
Install updates from vendor's website.Vulnerable software versions
Webpack: 5.0.0 - 5.75.0Fixed software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?