CVE-2022-37599

Опубликовано: 11 окт. 2022

Источник: debian

EPSS Низкий

Описание

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-loader-utils	fixed	2.0.4-1		package
node-loader-utils	fixed	2.0.0-1+deb11u1	bullseye	package
node-loader-utils	not-affected		buster	package

Примечания

https://github.com/webpack/loader-utils/issues/211
https://github.com/webpack/loader-utils/pull/225
https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb (v2.0.4)

EPSS

Процентиль: 89%

0.04702

Низкий

Связанные уязвимости

CVE-2022-37599

CVSS3: 7.5

ubuntu

почти 3 года назад

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.

CVE-2022-37599

CVSS3: 7.5

redhat

почти 3 года назад

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.

CVE-2022-37599

CVSS3: 7.5

nvd

почти 3 года назад

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.

GHSA-hhq3-ff78-jv3g

CVSS3: 7.5

github

почти 3 года назад

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)

ROS-20240704-07

CVSS3: 9.8

redos

около 1 года назад

Множественные уязвимости opensearch-dashboards

EPSS

Процентиль: 89%

0.04702

Низкий