Debian/node-webpack — 4 CVEs

CRITICAL9.8CVE-2023-28154Cross-realm object access in Webpack 5

from 0, < 4.43.0-6+deb11u1

MEDIUM6.4CVE-2024-43788Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS

from 0

LOW3.7CVE-2025-68458webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior

from 0

LOW3.7webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence

from 0

pkg:Debian/node-webpack