EUVD-2026-28425

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

UBUNTU-CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from not considering ParseQuery’s limitation on the total number of query parameters. Thi...

Astra Linux - уязвимость в node-loader-utils

A prototype pollution vulnerability exists in the parseQuery function in parseQuery.js, within the webpack-loader-utils module. This issue affects all versions prior to 1.4.1 and 2.0.3...

Atlassian Confluence 9.0.1 < 9.2.1 / 9.3.1 < 9.4.0 / 9.5.x < 9.5.1 / 10.0.x < 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101574)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101574 advisory. - Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This...

EUVD-2006-5344

Malware in sbrugna...

Denial Of Service (DoS)

github.com/vektah/gqlparser is vulnerable to Denial Of Service. The vulnerability is due to improper input handling in the ParseQuery function. An attacker can exploit this by sending a crafted script to cause the parser to crash...

loader-utils: prototype pollution in function parseQuery in parseQuery.js

A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution...

SUSE CVE-2012-3153

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU...

Debian dla-3258 : node-loader-utils - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3258 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3258-1 [email protected] https://www.debian.org/lts/security/...

Prototype Pollution

node-loader-utils is vulnerable to Prototype Pollution. The vulnerability exists in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js which allows an attacker to cause a prototype pollution...

GHSA-76P3-8JX3-JPFQ Prototype pollution in webpack loader-utils

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js...

CVE-2022-37601

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3...

DEBIAN-CVE-2022-37601

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3...

UBUNTU-CVE-2022-37601

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3...

CVE-2022-37601

Prototype pollution in webpack loader-utils: parseQuery.js via the name variable affects all versions prior to 1.4.1 and 2.0.3. CVSS v3.1 base score 9.8 (CRITICAL) with high impact on confidentiality, integrity, and availability. Remediation: upgrade loader-utils to 1.4.1+ or 2.0.3+ (patched vers...

CVE-2022-37601

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3...

CVE-2022-37601

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3...

PT-2022-24022 · Webpack +2 · Loader-Utils +2

Name of the Vulnerable Software and Affected Versions: loader-utils versions prior to 1.4.1 loader-utils versions prior to 2.0.3 Description: The issue is related to a prototype pollution vulnerability in the parseQuery function within parseQuery.js in webpack loader-utils. This vulnerability is...