| CNNVD-ID编号 | CNNVD-202403-2183 |
| CVE编号 | CVE-2024-29180 |
| 发布时间 | 2024-03-21 |
| 更新时间 | 2024-03-22 |
| 漏洞类型 | 其他 |
| 漏洞来源 | 暂无 |
| 危险等级 | N/A |
| 威胁类型 | N/A |
| 厂 商 | webpack |
webpack-dev-middleware是webpack开源的一个 express 风格的开发中间件。用于 webpack 捆绑包,并允许提供从 webpack 发出的文件。 webpack-dev-middleware 7.1.0、6.1.2 和 5.3.4 之前版本存在安全漏洞,该漏洞源于webpack -dev-middleware中间件在返回本地文件之前没有充分验证提供的 URL 地址,导致路径遍历。
来源:github.com
链接:https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6
来源:github.com
链接:https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132
来源:github.com
链接:https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353
来源:github.com
链接:https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e
来源:github.com
来源:github.com
来源:github.com
链接:https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4
来源:github.com
链接:https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2
来源:github.com
链接:https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0
来源:access.redhat.com
CNNVD