CVE-2022-37598
Linux Debian vulnerability analysis and mitigation

Overview

A prototype pollution vulnerability was reported in UglifyJS version 3.13.2, specifically in the DEFNODE function within ast.js via the name variable. This vulnerability was assigned CVE-2022-37598. The issue was reported on October 5, 2022, and affects the UglifyJS JavaScript minifier tool (GitHub Issue).

Technical details

The vulnerability was identified in the DEFNODE function implementation within the ast.js file of UglifyJS. The issue specifically relates to potential prototype pollution through the name variable in ast.js (GitHub Issue).

Impact

The vulnerability could potentially lead to prototype pollution, an attack in which JavaScript's object prototype chain is manipulated to inject or modify properties, which can then affect all objects of that type in the application (GitHub Issue).

Mitigation and workarounds

Since the vendor has marked this vulnerability as invalid, no official patches or mitigations have been released. The original report suggested following prototype pollution best practices as described in Snyk's documentation (GitHub Issue).
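The following added example illustrates the general prototype pollution pattern described under Impact and the kind of key filtering that such best-practice guidance recommends. It is not UglifyJS code and does not reproduce DEFNODE; `setPathUnsafe`, `setPathSafe` and `demo` are hypothetical names.

```javascript
// Added illustration; not UglifyJS code. All names are hypothetical.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Unsafe pattern: follows a caller-supplied key path with no key filtering.
function setPathUnsafe(target, path, value) {
  let node = target;
  for (let i = 0; i < path.length - 1; i++) {
    const key = path[i];
    if (typeof node[key] !== "object" || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[path[path.length - 1]] = value;
  return target;
}

// Hardened: rejects prototype-reaching keys, descends only into own properties.
function setPathSafe(target, path, value) {
  let node = target;
  path.forEach((key, i) => {
    if (FORBIDDEN_KEYS.has(key)) throw new TypeError(`refusing key "${key}"`);
    if (i === path.length - 1) { node[key] = value; return; }
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || typeof node[key] !== "object" || node[key] === null) {
      node[key] = Object.create(null); // intermediate nodes have no prototype
    }
    node = node[key];
  });
  return target;
}

// Runs both variants on constructed input and reports what happened.
function demo() {
  const result = {};
  setPathUnsafe({}, ["__proto__", "polluted"], true);
  result.unsafePollutes = ({}).polluted === true; // unrelated object is affected
  delete Object.prototype.polluted;               // restore a clean prototype
  try {
    setPathSafe({}, ["__proto__", "polluted"], true);
    result.safeRejected = false;
  } catch (e) {
    result.safeRejected = e instanceof TypeError;
  }
  result.cleanAfterSafe = !("polluted" in {});
  const cfg = setPathSafe({}, ["output", "comments"], false);
  result.normalWrite = cfg.output.comments === false;
  return result;
}
```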

Community reactions

The vulnerability was initially reported through multiple channels, including Sonatype's security scanning tools, which marked it as a critical vulnerability. However, the UglifyJS maintainers have disputed the validity of the vulnerability report (GitHub Issue).

This report was generated using AI.
