Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js.
References
Link | Resource |
---|---|
http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf | Technical Description |
https://dl.acm.org/doi/abs/10.1145/3488932.3497769 | Technical Description |
https://dl.acm.org/doi/pdf/10.1145/3488932.3497769 | Technical Description |
https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11 | Product |
https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47 | Product |
https://github.com/webpack/loader-utils/issues/212 | Issue Tracking Third Party Advisory |
https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884 | Exploit Issue Tracking Third Party Advisory |
https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826 | Exploit Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-12T00:00:00
Updated: 2024-05-10T15:59:24.822577
Reserved: 2022-08-08T00:00:00
Link: CVE-2022-37601
JSON object: View
NVD Information
Status : Modified
Published: 2022-10-12T20:15:11.263
Modified: 2024-05-14T11:13:00.253
Link: CVE-2022-37601
JSON object: View
Redhat Information
No data.
CWE