[Apiiro] Apiiro SCA OSS Vulnerabilities - Critical Severity · Critical Risk

[AhmedThebaSecurrency]

Please investigate if we can update

Discovered on: Mar 07, 2024 12:30
Dependency: webpack
Version: 5.75.0
Type: Sub dependency
Introduced through:

• @docusaurus/core: 2.3.1 > webpack: 5.75.0
• @docusaurus/core: 2.3.1 > @docusaurus/mdx-loader: 2.3.1 > webpack: 5.75.0
• @docusaurus/core: 2.3.1 > @docusaurus/mdx-loader: 2.3.1 > webpack: 5.75.0
• @docusaurus/preset-classic: 2.3.1 > @docusaurus/plugin-content-blog: 2.3.1 > webpack: 5.75.0
• @docusaurus/preset-classic: 2.3.1 > @docusaurus/plugin-content-docs: 2.3.1 > webpack: 5.75.0
• @docusaurus/preset-classic: 2.3.1 > @docusaurus/plugin-content-pages: 2.3.1 > webpack: 5.75.0
• @docusaurus/module-type-aliases: 2.3.1 > @docusaurus/types: 2.3.1 > webpack: 5.75.0
• @docusaurus/module-type-aliases: 2.3.1 > @docusaurus/types: 2.3.1 > webpack: 5.75.0
• @docusaurus/module-type-aliases: 2.3.1 > @docusaurus/types: 2.3.1 > webpack: 5.75.0

Vulnerabilities

• Cross-realm object access in Webpack 5 with CVSS score 9.8. fixed version: 5.76.0
• Cross-realm object access in Webpack 5 with CVSS score 9.8. fixed version: 5.76.0

About this package:

External dependency: webpack - https://www.npmjs.com/package/webpack
Package details: Packs CommonJs/AMD modules for the browser. Allows to split your codebase into multiple bundles, which can be loaded on demand. Support loaders to preprocess files, i.e. json, jsx, es7, css, less, ... and your custom stuff.
Latest version: 5.91.0
License: MIT
Insights:

• Adequately tested - Testing practices are thoroughly followed
• Backed by foundation - This package is backed by a respected OSS foundation and adheres to its maintenance standards
• Frequent commits - New code commits are frequently being pushed
• Popularity - This package has many weekly downloads and high popularity scores
• Has vulnerabilities - One or more vulnerabilities have been reported for this package
• Public repository - This is a repository accessible by the general public

Remediation

Recommended fix version: 5.76.0
Upgrading will fix all current vulnerabilities.
✅ No known vulnerabilities for the recommended version.

This is a sub-dependency

In order to update its version, you may need to upgrade the following top-level dependencies:

• @docusaurus/core (Dependency declared in docs/package-lock.json)
• @docusaurus/module-type-aliases (Dependency declared in docs/package-lock.json)
• @docusaurus/preset-classic (Dependency declared in docs/package-lock.json)

View in Apiiro