{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-37601", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-28T19:41:38.297Z", "dateReserved": "2022-08-08T00:00:00", "datePublished": "2022-10-12T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-10T15:59:24.822577"}, "descriptions": [{"lang": "en", "value": "Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11"}, {"url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47"}, {"url": "https://github.com/webpack/loader-utils/issues/212"}, {"url": "https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884"}, {"url": "https://dl.acm.org/doi/abs/10.1145/3488932.3497769"}, {"url": "https://dl.acm.org/doi/pdf/10.1145/3488932.3497769"}, {"url": "http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf"}, {"url": "https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826"}, {"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3258-1] node-loader-utils security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:29:21.030Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11", "tags": ["x_transferred"]}, {"url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47", "tags": ["x_transferred"]}, {"url": "https://github.com/webpack/loader-utils/issues/212", "tags": ["x_transferred"]}, {"url": "https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884", "tags": ["x_transferred"]}, {"url": "https://dl.acm.org/doi/abs/10.1145/3488932.3497769", "tags": ["x_transferred"]}, {"url": "https://dl.acm.org/doi/pdf/10.1145/3488932.3497769", "tags": ["x_transferred"]}, {"url": "http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf", "tags": ["x_transferred"]}, {"url": "https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3258-1] node-loader-utils security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-28T19:39:00.731353Z", "id": "CVE-2022-37601", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-28T19:41:38.297Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11", "tags": ["x_transferred"]}, {"url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47", "tags": ["x_transferred"]}, {"url": "https://github.com/webpack/loader-utils/issues/212", "tags": ["x_transferred"]}, {"url": "https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884", "tags": ["x_transferred"]}, {"url": "https://dl.acm.org/doi/abs/10.1145/3488932.3497769", "tags": ["x_transferred"]}, {"url": "https://dl.acm.org/doi/pdf/10.1145/3488932.3497769", "tags": ["x_transferred"]}, {"url": "http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf", "tags": ["x_transferred"]}, {"url": "https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html", "name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3258-1] node-loader-utils security update", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:29:21.030Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-37601", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-28T19:39:00.731353Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-10T17:48:09.947Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11"}, {"url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47"}, {"url": "https://github.com/webpack/loader-utils/issues/212"}, {"url": "https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884"}, {"url": "https://dl.acm.org/doi/abs/10.1145/3488932.3497769"}, {"url": "https://dl.acm.org/doi/pdf/10.1145/3488932.3497769"}, {"url": "http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf"}, {"url": "https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html", "name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3258-1] node-loader-utils security update", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-10T15:59:24.822577"}}}, "cveMetadata": {"cveId": "CVE-2022-37601", "state": "PUBLISHED", "dateUpdated": "2024-10-28T19:41:38.297Z", "dateReserved": "2022-08-08T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2022-10-12T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D129CBD-E544-4159-B270-BB3D49CAFF82", "versionEndExcluding": "1.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AAE143-8D1E-4D05-B9B0-00EDD0F4262C", "versionEndExcluding": "2.0.3", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3."}, {"lang": "es", "value": "Una vulnerabilidad de contaminaci\u00f3n de prototipos en la funci\u00f3n parseQuery en el archivo parseQuery.js en webpack loader-utils 2.0.0 por medio de la variable name en parseQuery.js"}], "id": "CVE-2022-37601", "lastModified": "2024-11-21T07:15:02.190", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-12T20:15:11.263", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf"}, {"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "https://dl.acm.org/doi/abs/10.1145/3488932.3497769"}, {"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "https://dl.acm.org/doi/pdf/10.1145/3488932.3497769"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/webpack/loader-utils/issues/212"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description"], "url": "http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description"], "url": "https://dl.acm.org/doi/abs/10.1145/3488932.3497769"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description"], "url": "https://dl.acm.org/doi/pdf/10.1145/3488932.3497769"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/webpack/loader-utils/issues/212"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1321"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0934", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.0::el8", "impact": "moderate", "package": "mta/mta-ui-rhel8:6.0.1-10", "product_name": "MTA-6.0-RHEL-8", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:0264", "cpe": "cpe:/a:redhat:logging:5.6::el8", "impact": "moderate", "package": "openshift-logging/logging-view-plugin-rhel8:v5.6.0-28", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2023-01-19T00:00:00Z"}], "bugzilla": {"description": "loader-utils: prototype pollution in function parseQuery in parseQuery.js", "id": "2134876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-1321", "details": ["Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.", "A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution."], "name": "CVE-2022-37601", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "impact": "moderate", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Fix deferred", "impact": "moderate", "package_name": "migration-toolkit-virtualization/mtv-ui-rhel8", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Will not fix", "impact": "moderate", "package_name": "odo", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "servicemesh-grafana", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "servicemesh-prometheus", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:amq_online:1", "fix_state": "Will not fix", "impact": "moderate", "package_name": "loader-utils", "product_name": "Red Hat A-MQ Online"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Not affected", "package_name": "loader-utils", "product_name": "Red Hat build of Apicurio Registry"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "loader-utils", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "loader-utils", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:discovery:1.0::el8", "fix_state": "Affected", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "impact": "moderate", "package_name": "389-ds:1.4/389-ds-base", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "impact": "moderate", "package_name": "container-tools:rhel8/cockpit-podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "impact": "moderate", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "impact": "moderate", "package_name": "mozjs60", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "impact": "moderate", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "impact": "moderate", "package_name": "gjs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "impact": "moderate", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "impact": "moderate", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "impact": "moderate", "package_name": "polkit", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "loader-utils", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "loader-utils", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "loader-utils", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "loader-utils", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "loader-utils", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "openshift3/ose-console", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "moderate", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Will not fix", "impact": "moderate", "package_name": "odf4/odf-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Will not fix", "impact": "moderate", "package_name": "odf4/odf-multicluster-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Affected", "impact": "moderate", "package_name": "devspaces/dashboard-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Will not fix", "impact": "moderate", "package_name": "devspaces-theia-rhel8-container", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "impact": "moderate", "package_name": "rhosdt/jaeger-agent-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "impact": "moderate", "package_name": "rhosdt/jaeger-all-in-one-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "impact": "moderate", "package_name": "rhosdt/jaeger-collector-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "impact": "moderate", "package_name": "rhosdt/jaeger-es-index-cleaner-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "impact": "moderate", "package_name": "rhosdt/jaeger-es-rollover-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "impact": "moderate", "package_name": "rhosdt/jaeger-ingester-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Will not fix", "impact": "moderate", "package_name": "rhosdt/jaeger-query-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "impact": "moderate", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "impact": "moderate", "package_name": "container-native-virtualization/kubevirt-console-plugin", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "loader-utils", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Will not fix", "impact": "moderate", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "impact": "moderate", "package_name": "tfm-rubygem-rabl", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "loader-utils", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2022-10-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-37601\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-37601\nhttps://github.com/webpack/loader-utils/issues/212"], "statement": "Packages shipped in Red Hat Enterprise Linux use 'loader-utils' as a transitive dependency. Thus, reducing the impact to Moderate.\nIn Red Hat containerized products like OCP and ODF, the vulnerable loader-utils NodeJS module is bundled as a transitive dependency, hence the direct impact is reduced to Moderate.", "threat_severity": "Important", "upstream_fix": "loader-utils 1.4.1, loader-utils 2.0.3"}