Ubuntu.comUB:CVE-2022-37609CVE-2022-37609
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
59.3%
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via
the name variable in options.js.
Notes
| Author | Note |
|---|---|
| tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
| mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
| rodrigo-zaiden | firefox and thunderbird includes jsbeautify code in devtools/ |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | node-js-beautify | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | node-js-beautify | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | node-js-beautify | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | node-js-beautify | < any | UNKNOWN |
References
github.com/beautify-web/js-beautify/blob/6fa891e982cc3d615eed9a1a20a4fc50721bff16/js/src/core/options.js#L167
github.com/beautify-web/js-beautify/blob/6fa891e982cc3d615eed9a1a20a4fc50721bff16/js/src/core/options.js#L167.aa
github.com/beautify-web/js-beautify/issues/2106
launchpad.net/bugs/cve/CVE-2022-37609
nvd.nist.gov/vuln/detail/CVE-2022-37609
security-tracker.debian.org/tracker/CVE-2022-37609
www.cve.org/CVERecord?id=CVE-2022-37609
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
59.3%