Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js. loader-utils prior to version 3 is deprecated and no longer supported External Reference: https://github.com/webpack/loader-utils/issues/212
Created golang-github-prometheus tracking bugs for this issue: Affects: epel-7 [bug 2149392] Created seamonkey tracking bugs for this issue: Affects: epel-8 [bug 2149393]
This issue has been addressed in the following products: RHOL-5.6-RHEL-8 Via RHSA-2023:0264 https://access.redhat.com/errata/RHSA-2023:0264
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-37601
This issue has been addressed in the following products: MTA-6.0-RHEL-8 Via RHSA-2023:0934 https://access.redhat.com/errata/RHSA-2023:0934