Fluid Attacks Database

Description

thlorenz browserify-shim vulnerable to prototype pollution Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
npm	browserify-shim	>=0 <3.8.16	3.8.16

Aliases

1. CVE-2022-376172. NVD-2022-376173. OSV-2022-376174. GCVE-2022-37617

References

1. https://github.com/thlorenz/browserify-shim/issues/2452. https://github.com/thlorenz/browserify-shim/pull/2463. https://github.com/thlorenz/browserify-shim/commit/97855e622b6dcd117c77e6583701962ff45e73384. https://github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L1305. https://github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L158

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.