CVE-2022-37601 | loader-utils:1.4.0 (CWE-0) #82

Open
ckalpakoglu opened this issue Jan 2, 2023 · 0 comments

A critical severity vulnerability has been discovered in your project.

Project Name: kondukto-ui-vue

Scanner Name: dependabot

File: package-lock.json

Packages:

  • loader-utils:1.4.0

References:

Tool Description: Summary: Prototype pollution in webpack loader-utils.
Description: Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.

@ckalpakoglu ckalpakoglu added bug Something isn't working KONDUKTO labels Jan 2, 2023
@ckalpakoglu ckalpakoglu self-assigned this Jan 2, 2023