NodeJS/loader-utils/0.2.9
utils for webpack loaders
https://www.npmjs.com/package/loader-utils
MIT
1 Security Vulnerability
Prototype pollution in webpack loader-utils
Published date: 2022-10-13T12:00:28Z
CVE: CVE-2022-37601
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2022-37601
- https://github.com/webpack/loader-utils/issues/212
- https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11
- https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47
- https://github.com/webpack/loader-utils/releases/tag/v2.0.3
- https://github.com/advisories/GHSA-76p3-8jx3-jpfq
- https://github.com/webpack/loader-utils/pull/217
- https://github.com/webpack/loader-utils/pull/220
- https://github.com/webpack/loader-utils/releases/tag/v1.4.1
- https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884
- https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826
- https://dl.acm.org/doi/abs/10.1145/3488932.3497769
- https://dl.acm.org/doi/pdf/10.1145/3488932.3497769
- https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html
- http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf
- https://github.com/webpack/loader-utils/pull/217/commits/f4e48a232fae900237c3e5ff7b57ce9e1c734de1
- https://github.com/webpack/loader-utils/pull/220/commits/a49c061ef272bc0c61cc1d996f83bb0e3b4daa9e
- https://github.com/webpack/loader-utils/commit/f4e48a232fae900237c3e5ff7b57ce9e1c734de1
- https://github.com/webpack/loader-utils/commit/4504e34c4796a5836ef70458327351675aed48a5
- https://github.com/webpack/loader-utils/commit/a93cf6f4702012030f6b5ee8340d5c95ec1c7d4c
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.
Affected versions:
["0.1.0", "0.1.1", "0.1.2", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.2.9", "0.2.10", "0.2.11", "0.2.12", "0.2.13", "0.2.14", "0.2.15", "0.2.16", "0.2.17", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.1.0", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.3.0", "1.4.0", "2.0.0", "2.0.1", "2.0.2"]
Secure versions:
[3.2.1, 2.0.4, 1.4.2]
Recommendation:
Update to version 3.2.1.
47 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
3.2.1 | MIT | | 2022-11-11 - 00:25 | over 1 year |
3.2.0 | MIT | 2 | 2021-11-11 - 15:42 | over 2 years |
3.1.3 | MIT | 2 | 2021-11-04 - 15:23 | over 2 years |
3.1.2 | MIT | 2 | 2021-11-04 - 14:46 | over 2 years |
3.1.1 | MIT | 2 | 2021-11-04 - 14:29 | over 2 years |
3.1.0 | MIT | 2 | 2021-10-29 - 13:18 | over 2 years |
3.0.0 | MIT | 2 | 2021-10-20 - 14:11 | over 2 years |
2.0.4 | MIT | | 2022-11-11 - 00:32 | over 1 year |
2.0.3 | MIT | 2 | 2022-10-20 - 20:00 | over 1 year |
2.0.2 | MIT | 3 | 2021-11-04 - 15:07 | over 2 years |
2.0.1 | MIT | 3 | 2021-10-29 - 13:48 | over 2 years |
2.0.0 | MIT | 3 | 2020-03-17 - 11:38 | about 4 years |
1.4.2 | MIT | | 2022-11-11 - 00:35 | over 1 year |
1.4.1 | MIT | 2 | 2022-11-07 - 20:42 | over 1 year |
1.4.0 | MIT | 3 | 2020-02-19 - 17:33 | over 4 years |
1.3.0 | MIT | 3 | 2020-02-19 - 17:06 | over 4 years |
1.2.3 | MIT | 3 | 2018-12-27 - 12:22 | over 5 years |
1.2.2 | MIT | 3 | 2018-12-27 - 10:30 | over 5 years |
1.2.1 | MIT | 3 | 2018-12-25 - 12:28 | over 5 years |
1.2.0 | MIT | 3 | 2018-12-24 - 18:13 | over 5 years |
1.1.0 | MIT | 3 | 2017-03-16 - 14:05 | about 7 years |
1.0.4 | MIT | 3 | 2017-03-14 - 10:56 | about 7 years |
1.0.3 | JSF | 3 | 2017-03-06 - 14:02 | about 7 years |
1.0.2 | MIT | 3 | 2017-02-21 - 15:37 | about 7 years |
1.0.1 | MIT | 3 | 2017-02-21 - 14:54 | about 7 years |
1.0.0 | MIT | 3 | 2017-02-20 - 23:17 | over 7 years |
0.2.17 | MIT | 1 | 2017-02-20 - 22:56 | over 7 years |
0.2.16 | MIT | 1 | 2016-09-14 - 21:56 | over 7 years |
0.2.15 | MIT | 1 | 2016-05-13 - 14:10 | about 8 years |
0.2.14 | MIT | 1 | 2016-04-09 - 13:28 | about 8 years |
0.2.13 | MIT | 1 | 2016-03-24 - 19:16 | about 8 years |
0.2.12 | MIT | 1 | 2015-11-23 - 21:50 | over 8 years |
0.2.11 | MIT | 1 | 2015-07-18 - 16:26 | almost 9 years |
0.2.10 | MIT | 1 | 2015-06-16 - 18:57 | almost 9 years |
0.2.9 | MIT | 1 | 2015-05-22 - 06:56 | about 9 years |
0.2.8 | MIT | 1 | 2015-05-21 - 20:32 | about 9 years |
0.2.7 | MIT | 1 | 2015-04-09 - 21:04 | about 9 years |
0.2.6 | MIT | 1 | 2015-01-11 - 08:48 | over 9 years |
0.2.5 | MIT | 1 | 2014-10-11 - 15:38 | over 9 years |
0.2.4 | MIT | 1 | 2014-09-24 - 19:04 | over 9 years |
0.2.3 | MIT | 1 | 2014-07-07 - 11:02 | almost 10 years |
0.2.2 | MIT | 1 | 2014-03-31 - 07:42 | about 10 years |
0.2.1 | MIT | 1 | 2013-03-25 - 22:59 | about 11 years |
0.2.0 | MIT | 1 | 2013-02-01 - 07:47 | over 11 years |
0.1.2 | MIT | 1 | 2012-11-11 - 09:32 | over 11 years |
0.1.1 | MIT | 1 | 2012-11-06 - 15:14 | over 11 years |
0.1.0 | MIT | 1 | 2012-11-02 - 09:04 | over 11 years |