Описание
thlorenz browserify-shim vulnerable to prototype pollution
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-37623
- https://github.com/thlorenz/browserify-shim/issues/248
- https://github.com/thlorenz/browserify-shim/pull/246
- https://github.com/thlorenz/browserify-shim/commit/97855e622b6dcd117c77e6583701962ff45e7338
- https://github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L158
- https://github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L94
Пакеты
Наименование
browserify-shim
npm
Затронутые версииВерсия исправления
<= 3.8.15
3.8.16
Связанные уязвимости
CVSS3: 9.8
nvd
больше 3 лет назад
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js.