PT-2022-24033 · Npm · Browserify-Shim

Secdevlpr26 · Published 2022-10-31 · Updated 2025-05-06 · CVE-2022-37623

CVSS v3.1

9.8 Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

browserify-shim version 3.8.15

Description

The issue is related to a prototype pollution vulnerability in the resolveShims function, located in the resolve-shims.js file. This vulnerability is exploitable via the shimPath variable in resolve-shims.js.

Recommendations

For browserify-shim version 3.8.15, consider updating to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the resolveShims function to minimize the risk of exploitation. Avoid using the shimPath variable in the affected resolve-shims.js file until the issue is resolved.

Exploit

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2022-37623
GHSA-CFGR-75JX-H88G

Affected Products

Browserify-Shim