Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1jZmdyLTc1angtaDg4Z84AAvmz

Critical EPSS: 0.00136% (0.34095 Percentile) EPSS:
Permalink JSON

thlorenz browserify-shim vulnerable to prototype pollution

Affected Packages Affected Versions Fixed Versions
npm:browserify-shim
PURL: pkg:npm/browserify-shim
<= 3.8.15 3.8.16
1,567 Dependent packages
13,124 Dependent repositories
129,329 Downloads last month

Affected Version Ranges

All affected versions

0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.6.0, 1.0.0, 1.0.1, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.4.1, 3.5.0, 3.6.0, 3.7.0, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9, 3.8.10, 3.8.11, 3.8.12, 3.8.13, 3.8.14, 3.8.15

All unaffected versions

3.8.16

Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js.

References:

Identifiers

GHSA-cfgr-75jx-h88g

CVE-2022-37623

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.00136

EPSS Percentile: 0.34095

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/thlorenz/browserify-shim

Date and time

Published

almost 3 years ago

Updated

over 1 year ago

API

JSON