thlorenz browserify-shim vulnerable to prototype pollution - browserify-shim - GHSA-cfgr-75jx-h88g

Severity:: High

Description

Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js.

Recommendation

Update the browserify-shim package to the latest compatible version. Followings are version details:

Affected version(s): <= 3.8.15
Patched version(s): 3.8.16

References

GHSA-cfgr-75jx-h88g
CVE-2022-37623
CWE-1321
CAPEC-310
OWASP 2021-A6

Related Issues

thlorenz browserify-shim vulnerable to prototype pollution - browserify-shim - CVE-2022-37621
thlorenz browserify-shim vulnerable to prototype pollution - CVE-2022-37617
steal vulnerable to Prototype Pollution via optionName variable - CVE-2022-37264
steal vulnerable to Prototype Pollution - CVE-2022-37258

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; browserify-shim

Anything's wrong? Let us know Last updated on April 22, 2024