CVE-2022-37603 @ Npm-loader-utils-1.2.3

**Vulnerable Package** issue exists @ **Npm\-loader\-utils\-1.2.3** in branch **main**

A Regular expression Denial of Service (ReDoS) flaw was found in loader-utils versions 1.0.0 through 1.4.1, 2.0.0 through 2.0.3, and 3.0.0 through 3.2.0. The affected function is "interpolateName" in the "interpolateName.js" file via the "url" variable.

**Namespace:** yangricardo
**Repository:** nextjs-tailwind-reacthook-form-ant-design-template
**Repository Url:** https://github.com/yangricardo/nextjs-tailwind-reacthook-form-ant-design-template
**CxAST\-Project:** yangricardo/nextjs-tailwind-reacthook-form-ant-design-template
**CxAST platform scan:** [8fc1cf6c\-819f\-4734\-b20d\-87c2af04c0b2](https://ast.checkmarx.net/projects/40c38ad0-7ad1-4fe3-b192-9702d2e95d0a/scans?id=8fc1cf6c-819f-4734-b20d-87c2af04c0b2&branch=main)
**Branch:** main
**Application:** nextjs-tailwind-reacthook-form-ant-design-template
**Severity:** HIGH
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-1333


----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** NONE
**Availability impact:** HIGH
**Remediation Upgrade Recommendation:** 1.4.2


----
**References**
[Advisory](https://github.com/advisories/GHSA-3rfm-jhwj-7488)
[Issue](https://github.com/webpack/loader-utils/issues/213)
[Pull request](https://github.com/webpack/loader-utils/pull/225)
[Commit](https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb)
[Release Note](https://github.com/webpack/loader-utils/releases/tag/v2.0.4)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2022-37603 @ Npm-loader-utils-1.2.3 #11

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2022-37603 @ Npm-loader-utils-1.2.3 #11

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions