Description:
I have identified a security vulnerability. The comlink-loader package currently relies on Webpack version 4.46.0, which is known to have a security issue tracked under CVE-2023-28154.
Vulnerability Details:
Webpack 4.46.0 is affected by CVE-2023-28154, which is a critical security vulnerability. Webpack 5 before version 5.76.0 is susceptible to this issue, and it can potentially lead to cross-realm object access. Specifically, the ImportParserPlugin.js mishandles the magic comment feature, and an attacker who controls a property of an untrusted object can obtain access to the real global object.
Recommendation:
To address this security vulnerability, I strongly recommend updating the package to use a version of Webpack that is equal to or greater than 5.76.0. This will ensure that the security issue is resolved.
Note:
I understand that this issue may not be directly within the control of the package maintainers, but I believe it's important to bring it to their attention for the safety and security of the user community.
Thank you for your attention to this matter.
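A defensive check for the recommendation in this issue, as an added example that is not part of the original report or the comlink-loader project: it walks an npm lockfile and lists every installed webpack copy below 5.76.0, including copies nested under another package. The function names, the `example-loader` package and the sample lockfile are constructed for illustration.

```javascript
// Added example. Minimum webpack version recommended in the issue above.
const MIN_WEBPACK = [5, 76, 0];

// Parse "major.minor.patch", ignoring any pre-release or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}
function isBelow(version, min) {
  const p = parseVersion(version);
  if (!p) return true; // unparseable: report it for manual review
  for (let i = 0; i < 3; i++) if (p[i] !== min[i]) return p[i] < min[i];
  return false;
}

// Collect every installed copy of `name`. Handles lockfileVersion 2/3
// ("packages" keyed by install path) and 1 (nested "dependencies").
function findInstalled(lock, name) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`))
        hits.push({ path, version: meta.version });
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}
function auditWebpack(lock) {
  return findInstalled(lock, 'webpack').filter((h) => isBelow(h.version, MIN_WEBPACK));
}

// Constructed sample lockfile: layout and versions are illustrative only.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    'node_modules/webpack': { version: '5.76.0' },
    'node_modules/example-loader/node_modules/webpack': { version: '4.46.0' },
  },
};
console.log(auditWebpack(sampleLock));
```

In a real project, pass the parsed contents of `package-lock.json` to `auditWebpack`; a top-level webpack at or above 5.76.0 does not remove an older copy nested under a dependency.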