Webpack · Webpack · CVE-2023-28154
**Name of the Vulnerable Software and Affected Versions**
Webpack versions prior to 5.76.0
**Description**
The issue concerns cross-realm object access. Specifically, the ImportParserPlugin.js mishandles the magic comment feature, allowing an attacker who controls a property of an untrusted object to obtain access to the real global object.
**Recommendations**
For Webpack versions prior to 5.76.0, update to version 5.76.0 or later to resolve the issue.