CVE-2022-37623
CRITICALbrowserify-shim < 3.8.16 - Prototype Pollution via resolveShims Function
Title source: llmDescription
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js.
References (3)
Core 3
Core References
Exploit, Third Party Advisory
https://github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L158
Exploit, Third Party Advisory
https://github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L94
Issue Tracking, Third Party Advisory
https://github.com/thlorenz/browserify-shim/issues/248
Scores
CVSS v3
9.8
EPSS
0.0114
EPSS Percentile
62.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-1321
Status
published
Products (2)
browserify-shim_project/browserify-shim
3.8.15
npm/browserify-shim
0 - 3.8.16npm
Published
Oct 31, 2022
Tracked Since
Feb 18, 2026