Prototype Pollution

2022-11-1605:59:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

node-loader-utils

vulnerability

parsequery function

prototype pollution

webpack loader-utils

name variable

attacker

0.01 Low

EPSS

Percentile

83.4%

JSON

node-loader-utils is vulnerable to Prototype Pollution. The vulnerability exists in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js which allows an attacker to cause a prototype pollution.

CPENameOperatorVersion
node-loader-utils:sideq2.0.0-1
389-ds-baseeq2.0.3__3.module_el8+11636+f9d8b93b.1
389-ds-baseeq1.4.3.27__2.module+el8dsrv+12690+c6df6d1b
389-ds-baseeq1.4.1.10__1.module+el8dsrv+4575+0d8b81fc
389-ds-baseeq1.4.4.9__1.module_el8+10763+39cf6b48
389-ds-baseeq2.0.4__2.module_el8+12007+a1aabee1
389-ds-baseeq1.4.3.9__1.module_el8+9055+cfd21e9f
389-ds-baseeq2.0.13__1.module_el8+13725+ceb5f4ae
389-ds-baseeq1.4.3.16__4.module_el8.4.0+578+f55145db
389-ds-baseeq1.4.3.13__1.module+el8dsrv+8334+69a46a2e

Name	Operator	Version
node-loader-utils:sid	eq	2.0.0-1
389-ds-base	eq	2.0.3__3.module_el8+11636+f9d8b93b.1
389-ds-base	eq	1.4.3.27__2.module+el8dsrv+12690+c6df6d1b
389-ds-base	eq	1.4.1.10__1.module+el8dsrv+4575+0d8b81fc
389-ds-base	eq	1.4.4.9__1.module_el8+10763+39cf6b48
389-ds-base	eq	2.0.4__2.module_el8+12007+a1aabee1
389-ds-base	eq	1.4.3.9__1.module_el8+9055+cfd21e9f
389-ds-base	eq	2.0.13__1.module_el8+13725+ceb5f4ae
389-ds-base	eq	1.4.3.16__4.module_el8.4.0+578+f55145db
389-ds-base	eq	1.4.3.13__1.module+el8dsrv+8334+69a46a2e