CVE-2022-37601

Published: 14 Oct 2022
Source: redhat
CVSS3: 8.1
EPSS: Medium

Description

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.

A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution.

Report

Packages shipped in Red Hat Enterprise Linux use 'loader-utils' as a transitive dependency, which reduces the impact to Moderate. In Red Hat containerized products like OCP and ODF, the vulnerable loader-utils NodeJS module is bundled as a transitive dependency, hence the direct impact is reduced to Moderate.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | | |
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-ui-rhel8 | Fix deferred | | |
| OpenShift Developer Tools and Services | odo | Will not fix | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/kiali-rhel8 | Affected | | |
| OpenShift Service Mesh 2.1 | openshift-service-mesh/kiali-rhel8 | Out of support scope | | |
| OpenShift Service Mesh 2.1 | servicemesh-grafana | Out of support scope | | |
| OpenShift Service Mesh 2.1 | servicemesh-prometheus | Out of support scope | | |
| Red Hat A-MQ Online | loader-utils | Not affected | | |
| Red Hat build of Apicurio Registry 2 | loader-utils | Not affected | | |
| Red Hat Data Grid 8 | loader-utils | Not affected | | |

Additional information

Status: Important
Defect: CWE-1321
https://bugzilla.redhat.com/show_bug.cgi?id=2134876 loader-utils: prototype pollution in function parseQuery in parseQuery.js

EPSS

Percentile: 94%
0.15726
Medium

8.1 High

CVSS3

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 2 years ago

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.

CVSS3: 9.8
nvd
more than 2 years ago

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.

CVSS3: 9.8
msrc
about 2 years ago

No description available

CVSS3: 9.8
debian
more than 2 years ago

Prototype pollution vulnerability in function parseQuery in parseQuery ...

CVSS3: 9.8
github
more than 2 years ago

Prototype pollution in webpack loader-utils
