Vulnerability feed

Vulnerability

CVE-2022-37601

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-37601
Description:: Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.
Last updated date:: 05/14/2024

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/13/2022
Reference url to background: https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/13/2022
Reference url to background: https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/28/2023
Reference url to background: https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/28/2023
Reference url to background: https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826

Vulnerability Feed Contributors About Blog

@inTheWild

©2025 |