5 matches found
CVE-2022-37598
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...
Code injection
DISPUTED Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...
UBUNTU-CVE-2022-37598
DISPUTED Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...
PT-2022-24020 · Mishoo +1 · Uglify-Js +1
Name of the Vulnerable Software and Affected Versions: mishoo UglifyJS version 3.13.2 Description: The issue is related to a prototype pollution vulnerability in the function DEFNODE in ast.js, specifically via the name variable. This vulnerability is present in mishoo UglifyJS. The vendor has...
CVE-2022-37598
CVE-2022-37598 describes a prototype pollution in Mishoo UglifyJS 3.13.2’s ast.js DEFNODE function, triggered via the name variable and payloads that modify Object.prototype. The connected sources show multiple advisories referencing the same vulnerability in the UglifyJS module, including notes ...