CVE-2022-37601 @ Npm-loader-utils-1.2.3

**Vulnerable Package** issue exists @ **Npm\-loader\-utils\-1.2.3** in branch **main**

Prototype Pollution Vulnerability present in the loader-utils package in the function 'parseQuery()' of 'parseQuery.js' file via the 'name' variable. This vulnerability affects versions prior to 1.4.1 and 2.0.x prior to 2.0.3.

**Namespace:** yangricardo
**Repository:** nextjs-tailwind-reacthook-form-ant-design-template
**Repository Url:** https://github.com/yangricardo/nextjs-tailwind-reacthook-form-ant-design-template
**CxAST\-Project:** yangricardo/nextjs-tailwind-reacthook-form-ant-design-template
**CxAST platform scan:** [8fc1cf6c\-819f\-4734\-b20d\-87c2af04c0b2](https://ast.checkmarx.net/projects/40c38ad0-7ad1-4fe3-b192-9702d2e95d0a/scans?id=8fc1cf6c-819f-4734-b20d-87c2af04c0b2&branch=main)
**Branch:** main
**Application:** nextjs-tailwind-reacthook-form-ant-design-template
**Severity:** HIGH
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-1321


----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** HIGH
**Availability impact:** HIGH
**Remediation Upgrade Recommendation:** 1.4.2


----
**References**
[Advisory](https://github.com/advisories/GHSA-76p3-8jx3-jpfq)
[Issue](https://github.com/webpack/loader-utils/issues/212)
[Pull request](https://github.com/webpack/loader-utils/pull/217)
[Commit](https://github.com/webpack/loader-utils/commit/a93cf6f4702012030f6b5ee8340d5c95ec1c7d4c)
[Release Note](https://github.com/webpack/loader-utils/releases/tag/v2.0.3)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2022-37601 @ Npm-loader-utils-1.2.3 #12

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2022-37601 @ Npm-loader-utils-1.2.3 #12

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions