5 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-37598
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an...
CVE-2022-37598
A prototype pollution vulnerability was found in UglifyJS, stemming from the DEFNODE function in ast.js via the name variable. Exploiting this flaw involves adding or altering properties of the Object.prototype through a "proto" or constructor payload, enabling an attacker to execute arbitrary co...
Prototype Pollution
uglify-js is vulnerable to prototype pollution. The vulnerability exists in DEFNODE function of ast.js via the name variable which allows an attacker to inject malicious property resulting in prototype pollution...
CVE-2022-37598
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...
PT-2022-24020 · Mishoo +1 · Uglify-Js +1
Name of the Vulnerable Software and Affected Versions: mishoo UglifyJS version 3.13.2 Description: The issue is related to a prototype pollution vulnerability in the function DEFNODE in ast.js, specifically via the name variable. This vulnerability is present in mishoo UglifyJS. The vendor has...