logo

Database

Prototype Pollution In node-loader-utils

Description

Prototype pollution in webpack loader-utils Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

1-10 of 12

10

Aliases

1. CVE-2022-376012. NVD-2022-376013. OSV-DEBIAN-2022-376014. OSV-2022-376015. GCVE-2022-376016. SECURITY-TRACKER-CVE-2022-376017. lists.debian.org

References

1. https://github.com/webpack/loader-utils/issues/2122. https://github.com/webpack/loader-utils/issues/212#issuecomment-13191928843. https://github.com/xmldom/xmldom/issues/436#issuecomment-13194128264. https://github.com/webpack/loader-utils/pull/2175. https://github.com/webpack/loader-utils/pull/2206. https://github.com/webpack/loader-utils/commit/4504e34c4796a5836ef70458327351675aed48a57. https://github.com/webpack/loader-utils/commit/a93cf6f4702012030f6b5ee8340d5c95ec1c7d4c8. https://github.com/webpack/loader-utils/commit/f4e48a232fae900237c3e5ff7b57ce9e1c734de19. https://dl.acm.org/doi/abs/10.1145/3488932.349776910. https://dl.acm.org/doi/pdf/10.1145/3488932.349776911. https://github.com/webpack/loader-utils/releases/tag/v1.4.112. https://github.com/webpack/loader-utils/releases/tag/v2.0.313. http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.