[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-37601":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":99,"aliases":114,"duplicate_of":9,"upstream":116,"downstream":117,"duplicates":128,"related":129,"reserved_at":9,"published_at":132,"modified_at":133,"state":134,"summary":135,"references_raw":143,"kevs":231,"epss":232,"epss_history":235,"metrics":485,"affected":499},"CVE-2022-37601","Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.",null,[11,93],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-1321","Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.","weakness","Incomplete","Variant",[19,67,89],{"id":20,"name":21,"techniques":22},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[23],{"id":24,"name":25,"tactics":26,"countermeasures":42},"T1574.010","Services File Permissions Weakness",[27,30,33,36,39],{"id":28,"name":29},"TA0110","Persistence",{"id":31,"name":32},"TA0111","Privilege Escalation",{"id":34,"name":35},"TA0030","Defense Evasion",{"id":37,"name":38},"TA0005","Stealth",{"id":40,"name":41},"TA0104","Execution",[43,48,52,57,62],{"id":44,"name":45,"tactic":46},"D3-SWI","Software Inventory",{"name":47},"Model",{"id":49,"name":50,"tactic":51},"D3-AVE","Asset Vulnerability Enumeration",{"name":47},{"id":53,"name":54,"tactic":55},"D3-SBV","Service Binary Verification",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SU","Software Update",{"name":61},"Harden",{"id":63,"name":64,"tactic":65},"D3-RS","Restore Software",{"name":66},"Restore",{"id":68,"name":69,"techniques":70},"CAPEC-180","Exploiting Incorrectly Configured Access Control Security Levels",[71],{"id":24,"name":25,"tactics":72,"countermeasures":78},[73,74,75,76,77],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[79,81,83,85,87],{"id":44,"name":45,"tactic":80},{"name":47},{"id":49,"name":50,"tactic":82},{"name":47},{"id":53,"name":54,"tactic":84},{"name":56},{"id":58,"name":59,"tactic":86},{"name":61},{"id":63,"name":64,"tactic":88},{"name":66},{"id":90,"name":91,"techniques":92},"CAPEC-77","Manipulating User-Controlled Variables",[],{"_key":94,"id":94,"name":95,"description":96,"type":15,"status":16,"abstraction":97,"likelihood_of_exploit":9,"capec":98},"CWE-915","Improperly Controlled Modification of Dynamically-Determined Object Attributes","The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.","Base",[],[100,109],{"_key":101,"name":102,"source":103,"url":104,"maturity":105,"reliability_score":106,"verified":107,"type":9,"platforms":108,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_WEBPACK_LOADER-UTILS","Loader Utils","github","https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884","poc",0.3,false,[],{"_key":110,"name":111,"source":103,"url":112,"maturity":105,"reliability_score":106,"verified":107,"type":9,"platforms":113,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_XMLDOM_XMLDOM","Xmldom","https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826",[],[115],"GHSA-76p3-8jx3-jpfq",[],[118,120,122,124,126],{"_key":119},"DLA-3258-1",{"_key":121},"DEBIAN-CVE-2022-37601",{"_key":123},"UBUNTU-CVE-2022-37601",{"_key":125},"RHSA-2023:6420",{"_key":127},"RHSA-2023:6972",[],[130],{"_key":131},"CGA-77FM-R23V-C6WW","2022-10-12T00:00:00.000Z","2024-10-28T19:41:38.297Z","Modified",{"cisa_kev":107,"cisa_ransomware":107,"cisa_vendor":9,"epss_severity":136,"epss_score":137,"severity":138,"severity_score":139,"severity_version":140,"severity_source":141,"severity_vector":142,"severity_status":134},"medium",0.18844,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[144,150,154,162,166,171,175,179,182,187,192,196,200,204,208,212,217,221,225],{"url":145,"sources":146,"tags":148},"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11",[147,141],"cve.org",[149],"Product",{"url":151,"sources":152,"tags":153},"https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47",[147,141],[149],{"url":155,"sources":156,"tags":158},"https://github.com/webpack/loader-utils/issues/212",[147,141,157],"osv_npm",[159,160,161],"Issue Tracking","Third Party Advisory","WEB",{"url":104,"sources":163,"tags":164},[147,141,157],[165,159,160,161],"Exploit",{"url":167,"sources":168,"tags":169},"https://dl.acm.org/doi/abs/10.1145/3488932.3497769",[147,141,157],[170,161],"Technical Description",{"url":172,"sources":173,"tags":174},"https://dl.acm.org/doi/pdf/10.1145/3488932.3497769",[147,141,157],[170,161],{"url":176,"sources":177,"tags":178},"http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf",[147,141,157],[170,161],{"url":112,"sources":180,"tags":181},[147,141,157],[165,159,160,161],{"url":183,"sources":184,"tags":185},"https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html",[147,141,157],[186,160,161],"Mailing List",{"url":188,"sources":189,"tags":190},"https://nvd.nist.gov/vuln/detail/CVE-2022-37601",[157],[191],"Advisory",{"url":193,"sources":194,"tags":195},"https://github.com/webpack/loader-utils/pull/217",[157],[161],{"url":197,"sources":198,"tags":199},"https://github.com/webpack/loader-utils/pull/220",[157],[161],{"url":201,"sources":202,"tags":203},"https://github.com/webpack/loader-utils/commit/4504e34c4796a5836ef70458327351675aed48a5",[157],[161],{"url":205,"sources":206,"tags":207},"https://github.com/webpack/loader-utils/commit/a93cf6f4702012030f6b5ee8340d5c95ec1c7d4c",[157],[161],{"url":209,"sources":210,"tags":211},"https://github.com/webpack/loader-utils/commit/f4e48a232fae900237c3e5ff7b57ce9e1c734de1",[157],[161],{"url":213,"sources":214,"tags":215},"https://github.com/webpack/loader-utils",[157],[216],"PACKAGE",{"url":218,"sources":219,"tags":220},"https://github.com/webpack/loader-utils/releases/tag/v1.4.1",[157],[161],{"url":222,"sources":223,"tags":224},"https://github.com/webpack/loader-utils/releases/tag/v2.0.3",[157],[161],{"url":226,"sources":227,"tags":229},"https://www.wordfence.com/threat-intel/vulnerabilities/id/45a49dca-2ed2-44cf-a0fe-0f1440a78cc2",[228],"wordfence",[230],"Vendor Advisory",[],{"date":233,"score":137,"percentile":234},"2026-06-04",0.95423,[236,240,244,247,250,252,254,257,259,262,265,268,270,272,274,278,281,284,287,290,293,295,298,301,304,307,310,312,315,318,320,323,326,328,331,334,337,340,343,346,348,351,353,356,359,362,365,367,369,371,375,378,381,383,386,389,391,393,396,399,402,405,408,411,413,416,419,422,425,427,429,431,433,435,438,441,444,447,450,453,456,459,462,465,468,471,473,476,479,482],{"date":237,"score":238,"percentile":239},"2025-11-04",0.24562,0.95881,{"date":241,"score":242,"percentile":243},"2025-11-05",0.19278,0.95102,{"date":245,"score":242,"percentile":246},"2025-11-06",0.95103,{"date":248,"score":242,"percentile":249},"2025-11-07",0.95105,{"date":251,"score":242,"percentile":243},"2025-11-08",{"date":253,"score":242,"percentile":246},"2025-11-09",{"date":255,"score":242,"percentile":256},"2025-11-10",0.95104,{"date":258,"score":242,"percentile":249},"2025-11-11",{"date":260,"score":242,"percentile":261},"2025-11-12",0.95108,{"date":263,"score":242,"percentile":264},"2025-11-13",0.95107,{"date":266,"score":242,"percentile":267},"2025-11-14",0.95109,{"date":269,"score":242,"percentile":249},"2025-11-15",{"date":271,"score":242,"percentile":264},"2025-11-16",{"date":273,"score":242,"percentile":267},"2025-11-17",{"date":275,"score":276,"percentile":277},"2025-11-18",0.11764,0.93004,{"date":279,"score":276,"percentile":280},"2025-11-19",0.93008,{"date":282,"score":276,"percentile":283},"2025-11-20",0.93013,{"date":285,"score":242,"percentile":286},"2025-11-21",0.95117,{"date":288,"score":242,"percentile":289},"2025-11-22",0.95115,{"date":291,"score":242,"percentile":292},"2025-11-23",0.95116,{"date":294,"score":242,"percentile":286},"2025-11-24",{"date":296,"score":242,"percentile":297},"2025-11-25",0.95121,{"date":299,"score":242,"percentile":300},"2025-11-26",0.95123,{"date":302,"score":242,"percentile":303},"2025-11-27",0.95126,{"date":305,"score":242,"percentile":306},"2025-11-28",0.95125,{"date":308,"score":242,"percentile":309},"2025-11-29",0.95129,{"date":311,"score":242,"percentile":306},"2025-11-30",{"date":313,"score":242,"percentile":314},"2025-12-01",0.95164,{"date":316,"score":242,"percentile":317},"2025-12-02",0.95163,{"date":319,"score":242,"percentile":314},"2025-12-03",{"date":321,"score":242,"percentile":322},"2025-12-04",0.95124,{"date":324,"score":242,"percentile":325},"2025-12-05",0.95127,{"date":327,"score":242,"percentile":325},"2025-12-06",{"date":329,"score":242,"percentile":330},"2025-12-07",0.95133,{"date":332,"score":242,"percentile":333},"2025-12-08",0.95131,{"date":335,"score":242,"percentile":336},"2025-12-09",0.95135,{"date":338,"score":242,"percentile":339},"2025-12-10",0.95142,{"date":341,"score":242,"percentile":342},"2025-12-11",0.95145,{"date":344,"score":242,"percentile":345},"2025-12-12",0.95147,{"date":347,"score":242,"percentile":345},"2025-12-13",{"date":349,"score":242,"percentile":350},"2025-12-14",0.95143,{"date":352,"score":242,"percentile":345},"2025-12-15",{"date":354,"score":242,"percentile":355},"2025-12-16",0.9515,{"date":357,"score":242,"percentile":358},"2025-12-17",0.95154,{"date":360,"score":242,"percentile":361},"2025-12-18",0.95158,{"date":363,"score":238,"percentile":364},"2025-12-19",0.95927,{"date":366,"score":238,"percentile":364},"2025-12-20",{"date":368,"score":238,"percentile":364},"2025-12-21",{"date":370,"score":238,"percentile":364},"2025-12-22",{"date":372,"score":373,"percentile":374},"2025-12-23",0.1994,0.95267,{"date":376,"score":373,"percentile":377},"2025-12-24",0.95271,{"date":379,"score":373,"percentile":380},"2025-12-25",0.95276,{"date":382,"score":373,"percentile":380},"2025-12-26",{"date":384,"score":373,"percentile":385},"2025-12-27",0.95301,{"date":387,"score":373,"percentile":388},"2025-12-28",0.9527,{"date":390,"score":373,"percentile":388},"2025-12-29",{"date":392,"score":373,"percentile":377},"2025-12-30",{"date":394,"score":373,"percentile":395},"2025-12-31",0.95274,{"date":397,"score":373,"percentile":398},"2026-01-01",0.95314,{"date":400,"score":373,"percentile":401},"2026-01-02",0.9531,{"date":403,"score":373,"percentile":404},"2026-01-03",0.95306,{"date":406,"score":373,"percentile":407},"2026-01-04",0.95261,{"date":409,"score":238,"percentile":410},"2026-01-05",0.9593,{"date":412,"score":242,"percentile":358},"2026-01-06",{"date":414,"score":242,"percentile":415},"2026-01-07",0.95153,{"date":417,"score":242,"percentile":418},"2026-01-08",0.95159,{"date":420,"score":242,"percentile":421},"2026-01-09",0.9516,{"date":423,"score":242,"percentile":424},"2026-01-10",0.95161,{"date":426,"score":242,"percentile":421},"2026-01-11",{"date":428,"score":242,"percentile":421},"2026-01-12",{"date":430,"score":242,"percentile":361},"2026-01-13",{"date":432,"score":242,"percentile":317},"2026-01-14",{"date":434,"score":242,"percentile":314},"2026-01-15",{"date":436,"score":242,"percentile":437},"2026-01-16",0.95166,{"date":439,"score":242,"percentile":440},"2026-01-17",0.9517,{"date":442,"score":242,"percentile":443},"2026-01-18",0.95169,{"date":445,"score":242,"percentile":446},"2026-01-19",0.95167,{"date":448,"score":242,"percentile":449},"2026-01-20",0.95172,{"date":451,"score":242,"percentile":452},"2026-01-21",0.95175,{"date":454,"score":242,"percentile":455},"2026-01-22",0.95178,{"date":457,"score":242,"percentile":458},"2026-01-23",0.95184,{"date":460,"score":242,"percentile":461},"2026-01-24",0.95187,{"date":463,"score":242,"percentile":464},"2026-01-25",0.9519,{"date":466,"score":242,"percentile":467},"2026-01-26",0.95192,{"date":469,"score":242,"percentile":470},"2026-01-27",0.95191,{"date":472,"score":242,"percentile":467},"2026-01-28",{"date":474,"score":242,"percentile":475},"2026-01-29",0.95194,{"date":477,"score":242,"percentile":478},"2026-01-30",0.95193,{"date":480,"score":242,"percentile":481},"2026-01-31",0.95195,{"date":483,"score":242,"percentile":484},"2026-02-01",0.95233,[486,490,492],{"source":141,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":487,"cvss_v4_0":9},{"baseScore":139,"baseSeverity":488,"vectorString":142,"impactScore":139,"exploitabilityScore":489},"CRITICAL",10,{"source":157,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":491,"cvss_v4_0":9},{"baseScore":139,"baseSeverity":9,"vectorString":142,"impactScore":139,"exploitabilityScore":489},{"source":228,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":493,"cvss_v4_0":9},{"baseScore":494,"baseSeverity":495,"vectorString":496,"impactScore":497,"exploitabilityScore":498},5.4,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",4.5,5.9,[500,509,525,533,542,550],{"ecosystem":9,"name":501,"vendor":502,"product":503,"cpe_part":504,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":505},"debian linux","debian","debian_linux","o",[506],{"version":507,"is_range":107,"range_type":508,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":510,"name":511,"vendor":510,"product":511,"cpe_part":9,"purl_type":512,"purl_namespace":9,"purl_name":511,"source":9,"versions":513},"Npm","loader-utils","npm",[514,522],{"version":515,"is_range":516,"range_type":517,"version_start":518,"version_start_type":519,"version_end":520,"version_end_type":521,"fixed_in":9},"gte2_0_0_lt2_0_3",true,"semver","2.0.0","including","2.0.3","excluding",{"version":523,"is_range":516,"range_type":517,"version_start":9,"version_start_type":9,"version_end":524,"version_end_type":521,"fixed_in":9},"lt1_4_1","1.4.1",{"ecosystem":9,"name":511,"vendor":526,"product":511,"cpe_part":527,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":528},"webpack.js","a",[529,531],{"version":530,"is_range":516,"range_type":508,"version_start":9,"version_start_type":9,"version_end":524,"version_end_type":521,"fixed_in":9},"lt1.4.1",{"version":532,"is_range":516,"range_type":508,"version_start":518,"version_start_type":519,"version_end":520,"version_end_type":521,"fixed_in":9},"gte2.0.0_lt2.0.3",{"ecosystem":9,"name":534,"vendor":535,"product":536,"cpe_part":527,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":537},"ElasticPress","wordpress","elasticpress",[538],{"version":539,"is_range":516,"range_type":228,"version_start":9,"version_start_type":9,"version_end":540,"version_end_type":519,"fixed_in":541},">=*,\u003C=4.3.1","4.3.1","4.4.0",{"ecosystem":9,"name":543,"vendor":535,"product":544,"cpe_part":527,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":545},"Insert Special Characters","insert-special-characters",[546],{"version":547,"is_range":516,"range_type":228,"version_start":9,"version_start_type":9,"version_end":548,"version_end_type":519,"fixed_in":549},">=*,\u003C=1.0.5","1.0.5","1.0.6",{"ecosystem":9,"name":551,"vendor":535,"product":552,"cpe_part":527,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":553},"Block for Apple Maps","maps-block-apple",[554],{"version":555,"is_range":516,"range_type":228,"version_start":9,"version_start_type":9,"version_end":556,"version_end_type":519,"fixed_in":557},">=*,\u003C=1.0.3","1.0.3","1.1.0"]