Update data/2024/09/index.json

jser · Sep 1, 2024 · c8889fb · c8889fb
1 parent ffb681a
commit c8889fb
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/data/2024/09/index.json b/data/2024/09/index.json
@@ -0,0 1,25 @@
 {
  "list": [
  {
  "date": "2024-09-01T02:05:59.363Z",
  "title": "DOM Clobbering Gadget found in Webpack's AutoPublicPathRuntimeModule that leads to XSS · Advisory · webpack/webpack",
  "url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
  "content": "webpackのセキュリティリリース。\nユーザーが任意の属性を含む`<img>`タグをかける場合に、webpackの`publicPath: 'auto'`が有効なbundleを読み込むとXSSが発生する問題。\nwebpack 5.94.0で修正された。",
  "tags": [
  "webpack",
  "ReleaseNote",
  "security"
  ],
  "relatedLinks": [
  {
  "title": "Release v5.94.0 · webpack/webpack",
  "url": "https://github.com/webpack/webpack/releases/tag/v5.94.0"
  },
  {
  "title": "security: fix DOM clobbering in auto public path by alexander-akait · Pull Request #18700 · webpack/webpack",
  "url": "https://github.com/webpack/webpack/pull/18700"
  }
  ]
  }
  ]
 }