Vulnerability DatabaseCVE-2022-37614

CVE-2022-37614:
JavaScript vulnerability analysis and mitigation

Overview

A prototype pollution vulnerability was discovered in mockery.js, specifically in the enable function in commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf. The vulnerability was assigned CVE-2022-37614 and was disclosed on October 10, 2022. The affected component is the mfncooper mockery library (GitHub Issue).

Technical details

The vulnerability exists in the enable function within mockery.js, where improper handling of the key variable can lead to prototype pollution. This occurs when merging options with default settings, potentially allowing an attacker to modify the prototype chain of objects (GitHub Source).

Impact

Prototype pollution vulnerabilities can allow attackers to modify the behavior of all objects inheriting from the affected prototype. This could potentially lead to application-wide security issues, including denial of service (DoS) or, in some cases, remote code execution depending on how the polluted properties are used within the application (NVD).

Mitigation and workarounds

The vulnerability can be mitigated by implementing proper input validation and using prototype pollution prevention techniques as described in security best practices. This includes checking for and blocking dangerous properties like 'proto', 'constructor', and 'prototype' (GitHub Issue).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

9.8

Score

Published October 12, 2022

Severity CRITICAL

CNA Score 9.8

Affected Technologies

JavaScript
NixOS

Has Public Exploit Yes

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 40.4

Exploitation Probability (EPSS) 0.2

Affected packages and libraries

mockery

Sources

NVD
GitHub Advisory Database
- npm Severity CRITICALNo FixAdded at: Jul 30, 2023
Homebrew
- Homebrew Severity CRITICALNo FixAdded at: Feb 12, 2024
Nix
- Nix Severity CRITICALNo FixAdded at: Nov 01, 2023

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related JavaScript vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-66456	CRITICAL	9.1	JavaScript	elysia	No	Yes	Dec 09, 2025
CVE-2025-66457	HIGH	7.5	JavaScript	elysia	No	Yes	Dec 09, 2025
CVE-2025-65849	MEDIUM	6.9	JavaScript	altcha	No	No	Dec 08, 2025
CVE-2025-66202	MEDIUM	6.5	JavaScript	astro	No	Yes	Dec 09, 2025
CVE-2025-14284	MEDIUM	5.1	JavaScript	@tiptap/extension-link	No	Yes	Dec 09, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2022-37614: JavaScript vulnerability analysis and mitigation