CVE-2022-37603

Опубликовано: 14 окт. 2022

Источник: debian

Описание

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-loader-utils	fixed	2.0.4-1		package
node-loader-utils	fixed	2.0.0-1+deb11u1	bullseye	package
node-loader-utils	not-affected		buster	package

Примечания

https://github.com/webpack/loader-utils/issues/213
https://github.com/webpack/loader-utils/pull/225
https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb (v2.0.4)

Связанные уязвимости

CVE-2022-37603

CVSS3: 7.5

ubuntu

больше 2 лет назад

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

CVE-2022-37603

CVSS3: 7.5

redhat

больше 2 лет назад

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

CVE-2022-37603

CVSS3: 7.5

nvd

больше 2 лет назад

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

GHSA-3rfm-jhwj-7488

CVSS3: 7.5

github

больше 2 лет назад

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable

ROS-20240704-07

CVSS3: 9.8

redos

12 месяцев назад

Множественные уязвимости opensearch-dashboards