Vulnerable Package issue exists @ Npm-loader-utils-2.0.0 in branch main
Prototype Pollution Vulnerability present in the loader-utils package in the function 'parseQuery()' of 'parseQuery.js' file via the 'name' variable. This vulnerability affects versions prior to 1.4.1 and 2.0.x prior to 2.0.3.
Vulnerable Package issue exists @ Npm-loader-utils-2.0.0 in branch main
Prototype Pollution Vulnerability present in the loader-utils package in the function 'parseQuery()' of 'parseQuery.js' file via the 'name' variable. This vulnerability affects versions prior to 1.4.1 and 2.0.x prior to 2.0.3.
Namespace: westonphillips Repository: CheckmarxOnePOV Repository Url: https://github.com/westonphillips/CheckmarxOnePOV CxAST-Project: westonphillips/CheckmarxOnePOV CxAST platform scan: 6a8170d0-38fa-4efc-81df-42628474102c Branch: main Application: CheckmarxOnePOV Severity: HIGH State: NOT_IGNORED Status: RECURRENT CWE: CWE-1321
Additional Info Attack vector: NETWORK Attack complexity: LOW Confidentiality impact: HIGH Availability impact: HIGH Remediation Upgrade Recommendation: 2.0.4
References Advisory Issue Pull request Commit Release Note