Lucene search

PRIOn knowledge basePRION:CVE-2022-37601

HistoryOct 12, 2022 - 8:15 p.m.

Code injection

2022-10-1220:15:00

PRIOn knowledge base

www.prio-n.com

code injection

prototype pollution

webpack loader-utils

nvd

9.2 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.4%

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js.

CPENameOperatorVersion
debian_linuxeq10.0
loader-utilslt1.4.1
loader-utilsge2.0.0
loader-utilslt2.0.3

Name	Operator	Version
debian_linux	eq	10.0
loader-utils	lt	1.4.1
loader-utils	ge	2.0.0
loader-utils	lt	2.0.3

References

users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf

dl.acm.org/doi/abs/10.1145/3488932.3497769

dl.acm.org/doi/pdf/10.1145/3488932.3497769

github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js

github.com/webpack/loader-utils/issues/212

github.com/xmldom/xmldom/issues/436

lists.debian.org/debian-lts-announce/2022/12/msg00044.html