← Back

CVE-2022-37601

nvd nist
Published: Oct 12, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.

Affected (3)

Webpack.js
1 product
Loader Utils
Debian
1 product
Debian Linux
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Webpack.js
Loader Utils
Before 1.4.1
Loader Utils
From 2.0.0 to 2.0.3
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 10.0

Related CWEs

CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

References (18)

Source: cve@mitre.org
Technical Description
Source: cve@mitre.org
Technical Description
Source: cve@mitre.org
Technical Description
Source: cve@mitre.org
Product
Source: cve@mitre.org
Product
Source: cve@mitre.org
Issue TrackingThird Party Advisory
Source: cve@mitre.org
ExploitIssue TrackingThird Party Advisory
Source: cve@mitre.org
ExploitIssue TrackingThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Technical Description
Source: af854a3a-2127-422b-91ae-364da2661108
Technical Description
Source: af854a3a-2127-422b-91ae-364da2661108
Technical Description
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.