Published: 12/10/2022 Updated: 28/02/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js.

Vulnerable Product	Search on Vulmon	Subscribe to Product
webpack.js loader-utils
debian debian linux 10.0

Synopsis Important: Migration Toolkit for Applications security and bug fix update Type/Severity Security Advisory: Important Topic Migration Toolkit for Applications 601 releaseRed Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring System (CVSS) base score, whichgives a detail ...

Synopsis Moderate: Red Hat OpenShift (Logging Subsystem) security update Type/Severity Security Advisory: Moderate Topic An update for Logging Subsystem (560) is now available for Red Hat OpenShift Container PlatformRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System ...

Checks for vulnerabilities in NPM packages and report EPSS Scores for CVEs

NPM EPSS Audit Currently NPM Audit reports severity of vulnerabilities based on the CVSS score Also the response received from NPM bulk audit used within npm audit do not include CVEs in the report as of May 2023 This interim tool uses the NPM Quick Audit end point to retrieve associated CVEs and reports corresponding EPSS scores to help prioritize vulnerabilities Note Vers

CWE-1321 https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11 https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47 https://github.com/webpack/loader-utils/issues/212 https://dl.acm.org/doi/pdf/10.1145/3488932.3497769 https://dl.acm.org/doi/abs/10.1145/3488932.3497769 https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884 http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826 https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html https://access.redhat.com/errata/RHSA-2023:0934 https://nvd.nist.gov https://github.com/softrams/npm-epss-audit

CVE-2022-37601

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect