thlorenz browserify-shim vulnerable to prototype pollution

Severity:: High

Description

Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js.

Recommendation

Update the browserify-shim package to the latest compatible version. Followings are version details:

Affected version(s): <= 3.8.15
Patched version(s): 3.8.16

References

GHSA-866w-wm4h-95c6
CVE-2022-37617
CWE-1321
CAPEC-310
OWASP 2021-A6

Related Issues

thlorenz browserify-shim vulnerable to prototype pollution (GHSA-r737-347m-wqc7) - CVE-2022-37621
thlorenz browserify-shim vulnerable to prototype pollution (GHSA-cfgr-75jx-h88g) - CVE-2022-37623
steal vulnerable to Prototype Pollution - CVE-2022-37258
steal vulnerable to Prototype Pollution via alias variable - CVE-2022-37265

Tags:: npm; browserify-shim

Anything's wrong? Let us know Last updated on April 22, 2024