{"id":"CVE-2022-37623","details":"Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js.","aliases":["GHSA-cfgr-75jx-h88g"],"modified":"2026-03-14T11:49:36.294896Z","published":"2022-10-31T12:15:10.190Z","references":[{"type":"REPORT","url":"https://github.com/thlorenz/browserify-shim/issues/248"},{"type":"EVIDENCE","url":"https://github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L158"},{"type":"EVIDENCE","url":"https://github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L94"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/thlorenz/browserify-shim","events":[{"introduced":"0"},{"last_affected":"0d4c9202872faec4b64c6095f9ca278350dace53"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.8.15"}]}}],"versions":["v0.1.0","v0.2.0","v0.3.0","v0.4.0","v0.4.1","v0.4.2","v0.4.5","v0.5.1","v0.5.2","v0.5.3","v0.5.4","v0.6.0","v2.0.0","v2.0.1","v2.0.2","v2.0.4","v2.0.6","v2.0.7","v2.0.8","v2.0.9","v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.0.4","v3.0.5","v3.0.6","v3.1.0","v3.1.1","v3.1.2","v3.1.3","v3.1.4","v3.1.5","v3.2.0","v3.2.1","v3.2.2","v3.3.0","v3.3.1","v3.3.2","v3.4.0","v3.4.1","v3.5.0","v3.7.0","v3.8.0","v3.8.1","v3.8.10","v3.8.11","v3.8.12","v3.8.13","v3.8.14","v3.8.15","v3.8.2","v3.8.3","v3.8.4","v3.8.5","v3.8.6","v3.8.7","v3.8.8","v3.8.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37623.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}