CVE-2022-37601
CVE-2022-37601
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://dl.acm.org/doi/abs/10.1145/3488932.3497769https://dl.acm.org/doi/pdf/10.1145/3488932.3497769https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47https://github.com/webpack/loader-utils/issues/212https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826https://lists.debian.org/debian-lts-announce/2022/12/msg00044.htmlhttp://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf