This repository has been archived by the owner on Jun 2, 2023. It is now read-only.

CVE-2022-37601 @ Npm-loader-utils-1.2.3 #12

Closed
yangricardo opened this issue Apr 5, 2023 · 0 comments

@yangricardo
Owner

Vulnerable Package issue exists @ Npm-loader-utils-1.2.3 in branch main

Prototype Pollution Vulnerability present in the loader-utils package in the function 'parseQuery()' of 'parseQuery.js' file via the 'name' variable. This vulnerability affects versions prior to 1.4.1 and 2.0.x prior to 2.0.3.

Namespace: yangricardo
Repository: nextjs-tailwind-reacthook-form-ant-design-template
Repository Url: https://github.com/yangricardo/nextjs-tailwind-reacthook-form-ant-design-template
CxAST-Project: yangricardo/nextjs-tailwind-reacthook-form-ant-design-template
CxAST platform scan: 8fc1cf6c-819f-4734-b20d-87c2af04c0b2
Branch: main
Application: nextjs-tailwind-reacthook-form-ant-design-template
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-1321


Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: HIGH
Availability impact: HIGH
Remediation Upgrade Recommendation: 1.4.2


