[Apiiro] Apiiro SCA OSS Vulnerabilities - Critical Severity · Critical Risk

[AhmedThebaSecurrency]

Discovered on: Jul 19, 2023 12:43
Dependency: webpack
Version: 5.75.0
Type: Sub dependency
Introduced through: @docusaurus/core, @docusaurus/module-type-aliases, @docusaurus/preset-classic

Vulnerabilities

• Cross-realm object access in Webpack 5 with CVSS score 9.8. fixed version: 5.76.0
• Cross-realm object access in Webpack 5 with CVSS score 7.6. fixed version: 5.76.0

About this package:

External dependency: webpack - https://www.npmjs.com/package/webpack
Package details: Packs CommonJs/AMD modules for the browser. Allows to split your codebase into multiple bundles, which can be loaded on demand. Support loaders to preprocess files, i.e. json, jsx, es7, css, less, ... and your custom stuff.
Latest version: 5.75.0
License: MIT
Insights:

• Adequately tested - Testing practices are thoroughly followed
• Backed by foundation - This package is backed by a respected OSS foundation and adheres to its maintenance standards
• Frequent commits - New code commits are frequently being pushed
• Current CVE - A CVE on this package has not been fixed by an official release/patch
• Popularity - This widely used package is popular
• Not fixable - This package includes a CVE that has not been fixed by an official release or patch
• Known exploit - This package has 1 Known Exploitable Vulnerabilities.

Source: CISA.gov

• Has Vulnerabilities - Has Vulnerabilities
• Public Repository - This is a repository accessible by the general public

This is a sub-dependency

In order to update its version, you may need to upgrade the following top-level dependencies:

• @docusaurus/core (Dependency declared in docs/package-lock.json)
• @docusaurus/module-type-aliases (Dependency declared in docs/package-lock.json)
• @docusaurus/preset-classic (Dependency declared in docs/package-lock.json)

View in Apiiro