9.8
CVE-2022-37601
- EPSS 19.28%
- Veröffentlicht 12.10.2022 20:15:11
- Zuletzt bearbeitet 21.11.2024 07:15:02
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginloader-utils (JS package) < 2.0.3 - Prototype Pollution
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.
Mögliche Gegenmaßnahme
ElasticPress: Update to version 4.4.0, or a newer patched version
Insert Special Characters: Update to version 1.0.6, or a newer patched version
Block for Apple Maps: Update to version 1.1.0, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
ElasticPress
Version
* - 4.3.1
SystemWordPress Plugin
≫
Produkt
Insert Special Characters
Version
* - 1.0.5
SystemWordPress Plugin
≫
Produkt
Block for Apple Maps
Version
* - 1.0.3
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Webpack.Js ≫ Loader-utils Version < 1.4.1
Webpack.Js ≫ Loader-utils Version >= 2.0.0 < 2.0.3
Debian ≫ Debian Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 19.28% | 0.951 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.