Fix CVE-2023-28154 in webpack HIGH

Fix CVE-2023-28154 (prototype pollution via import.meta) in webpack for npm. Paste your package.json into PackageFix and get a patched version back — no CLI, no signup.

⚠ Vulnerability

CVE-2023-28154 — prototype pollution via import.meta in webpack. Update to 5.75.0 or later.

Vulnerable Version — package.json

"webpack": "5.69.0"

Fixed Version — package.json

"webpack": "5.75.0"

✓ Fix

Update to 5.75.0 and run npm install to apply the fix.

Scan your dependencies now — paste your manifest, get a fixed version back in seconds.

Open PackageFix →

No signup · No CLI · No GitHub connection · Runs 100% in your browser

Frequently Asked Questions

What is CVE-2023-28154?

CVE-2023-28154 is a vulnerability in webpack that allows prototype pollution via import.meta. Update to version 5.75.0 or later to fix it.

Is CVE-2023-28154 on the CISA KEV catalog?

Check the live CISA KEV catalog at packagefix.dev — the catalog updates daily and PackageFix always reflects the current status.

How do I fix CVE-2023-28154 in webpack?

Update webpack to version 5.75.0 or later in your package.json. Run npm install after updating.

Does CVE-2023-28154 affect all versions of webpack?

Check the OSV advisory for the exact affected version range. PackageFix shows the minimum safe version for your installed version.