Vulnerability	Vulnerable Version
L Insertion of Sensitive Information into Externally-Accessible File or Directory @storybook/builder-webpack5 is an A Storybook builder to dev and build with Webpack Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the `storybook build` command. An attacker can access sensitive environment variables by viewing the bundled source code after the build artifacts are published to the web. This is only exploitable if the build is performed in a directory containing a `.env` file and the resulting build is published to the web. How to fix Insertion of Sensitive Information into Externally-Accessible File or Directory? Upgrade `@storybook/builder-webpack5` to version 7.6.21, 8.6.15, 9.1.17, 10.1.10, 10.2.0-alpha.7 or higher.	>=7.0.0 <7.6.21>=8.0.0-alpha.0 <8.6.15>=9.0.0-alpha.0 <9.1.17>=10.0.0-beta.0 <10.1.10>=10.2.0-alpha.0 <10.2.0-alpha.7

Insertion of Sensitive Information into Externally-Accessible File or Directory

@storybook/builder-webpack5 is an A Storybook builder to dev and build with Webpack

Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the storybook build command. An attacker can access sensitive environment variables by viewing the bundled source code after the build artifacts are published to the web. This is only exploitable if the build is performed in a directory containing a .env file and the resulting build is published to the web.

How to fix Insertion of Sensitive Information into Externally-Accessible File or Directory?

Upgrade @storybook/builder-webpack5 to version 7.6.21, 8.6.15, 9.1.17, 10.1.10, 10.2.0-alpha.7 or higher.

>=7.0.0 <7.6.21>=8.0.0-alpha.0 <8.6.15>=9.0.0-alpha.0 <9.1.17>=10.0.0-beta.0 <10.1.10>=10.2.0-alpha.0 <10.2.0-alpha.7

Go back to all versions of this package