CVE-2022-37599

Опубликовано: 11 окт. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.

Ссылки

https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38
Third Party Advisory
https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83
Third Party Advisory
https://github.com/webpack/loader-utils/issues/211
Issue Tracking
Third Party Advisory
https://github.com/webpack/loader-utils/issues/216
Issue Tracking
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/
https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38
Third Party Advisory
https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83
Third Party Advisory
https://github.com/webpack/loader-utils/issues/211
Issue Tracking
Third Party Advisory
https://github.com/webpack/loader-utils/issues/216
Issue Tracking
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*

Версия от 1.0.0 (включая) до 1.4.2 (исключая)

cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.0.4 (исключая)

cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.2.1 (исключая)

EPSS

Процентиль: 89%

0.04702

Низкий

7.5 High

CVSS3

Дефекты

CWE-1333

Связанные уязвимости

CVE-2022-37599

CVSS3: 7.5

ubuntu

почти 3 года назад

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.

CVE-2022-37599

CVSS3: 7.5

redhat

почти 3 года назад

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.

CVE-2022-37599

CVSS3: 7.5

debian

почти 3 года назад

A Regular expression denial of service (ReDoS) flaw was found in Funct ...

GHSA-hhq3-ff78-jv3g

CVSS3: 7.5

github

почти 3 года назад

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)

ROS-20240704-07

CVSS3: 9.8

redos

около 1 года назад

Множественные уязвимости opensearch-dashboards

EPSS

Процентиль: 89%

0.04702

Низкий

7.5 High

CVSS3

Дефекты

CWE-1333