Ecosystem	Package	Version

Vulnerabilities

sonatype-2026-000075

sonatype-2026-000075

shakapacker - Insertion of Sensitive Information into Externally-Accessible File or Directory

Published Jan 9, 2026

https://github.com/advisories/GHSA-96qw-h329-v5rg

CVSS ScoreHigh

8.7

Ecosystem	Package	Version


npm	@jaanuu/webpacker	3.6.0-sassfix
npm	@pedrofurtado/webpacker	5.4.0-patched2
npm	@pedrofurtado/webpacker	5.4.0-patched
npm	@rails/webpacker	3.0.0-beta.0
npm	@rails/webpacker	3.0.0
npm	@rails/webpacker	3.0.1
npm	@rails/webpacker	3.0.2
npm	@rails/webpacker	3.1.0
npm	@rails/webpacker	3.1.1
npm	@rails/webpacker	3.2.0
npm	@rails/webpacker	3.2.1
npm	@rails/webpacker	3.2.2
npm	@rails/webpacker	3.3.0
npm	@rails/webpacker	3.3.1
npm	@rails/webpacker	3.4.0
npm	@rails/webpacker	3.4.1
npm	@rails/webpacker	3.4.3
npm	@rails/webpacker	3.5.0
npm	@rails/webpacker	3.5.1
npm	@rails/webpacker	3.5.2
npm	@rails/webpacker	3.5.3
npm	@rails/webpacker	3.5.5
npm	@rails/webpacker	3.6.0
npm	@rails/webpacker	4.0.0-pre.1
npm	@rails/webpacker	4.0.0-pre.2
npm	@rails/webpacker	4.0.0-pre.3
npm	@rails/webpacker	4.0.0-rc.1
npm	@rails/webpacker	4.0.0-rc.2
npm	@rails/webpacker	4.0.0-rc.3
npm	@rails/webpacker	4.0.0-rc.4
npm	@rails/webpacker	4.0.0-rc.5
npm	@rails/webpacker	4.0.0-rc.6
npm	@rails/webpacker	4.0.0-rc.7
npm	@rails/webpacker	4.0.0-rc.8
npm	@rails/webpacker	4.0.0
npm	@rails/webpacker	4.0.1
npm	@rails/webpacker	4.0.2
npm	@rails/webpacker	4.0.3
npm	@rails/webpacker	4.0.4
npm	@rails/webpacker	4.0.5
npm	@rails/webpacker	4.0.6
npm	@rails/webpacker	4.0.7
npm	@rails/webpacker	4.1.0
npm	@rails/webpacker	4.2.0
npm	@rails/webpacker	4.2.1
npm	@rails/webpacker	4.2.2
npm	@rails/webpacker	4.3.0
npm	@rails/webpacker	5.0.0
npm	@rails/webpacker	5.0.1
npm	@rails/webpacker	5.1.0

sonatype-2026-000075 | Components Impacted | Sonatype Guide | Sonatype Guide