CVE: 2022-37603 found in loader-utils - Version: 1.4.2,2.0.4 [JS] #126

Closed
@github-actions

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | loader-utils |
| Description | utils for webpack loaders |
| Language | JS |
| Vulnerability | Regular Expression Denial Of Service (ReDoS) |
| Vulnerability description | loader-utils is vulnerable to regular expression denial of service. The vulnerability is due to insecure regular expression in the url variable of the interpolateName function in interpolateName.js. A remote attacker can cause denial of service via malicious regex. |
| CVE | 2022-37603 |
| CVSS score | 5 |
| Vulnerability present in version/s | 1.0.0-2.0.4 |
| Found library version/s | 1.4.2,2.0.4 |
| Vulnerability fixed in version | 3.0.0 |
| Library latest version | 3.2.1 |
| Fix | |

Links:
