Lucene search

GitHub Advisory DatabaseGHSA-CFGR-75JX-H88G

HistoryOct 31, 2022 - 7:00 p.m.

thlorenz browserify-shim vulnerable to prototype pollution

2022-10-3119:00:36

CWE-1321

GitHub Advisory Database

github.com

thlorenz

browserify-shim

vulnerable

prototype pollution

resolve-shims

shimpath

software

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

71.4%

JSON

Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js.

Affected configurations

Vulners

Node

browserify-shim_projectbrowserify-shimRange≤3.8.15

VendorProductVersionCPE
browserify-shim_projectbrowserify-shim*cpe:2.3:a:browserify-shim_project:browserify-shim:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
browserify-shim_project	browserify-shim	*	cpe:2.3:a:browserify-shim_project:browserify-shim::::::::

References

github.com/advisories/GHSA-cfgr-75jx-h88g

github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L158

github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L94

github.com/thlorenz/browserify-shim/commit/97855e622b6dcd117c77e6583701962ff45e7338

github.com/thlorenz/browserify-shim/issues/248

github.com/thlorenz/browserify-shim/pull/246

nvd.nist.gov/vuln/detail/CVE-2022-37623

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

71.4%

JSON

Related for GHSA-CFGR-75JX-H88G