Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-37603

Опубликовано: 06 окт. 2022
Источник: redhat
CVSS3: 7.5

Описание

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Migration Toolkit for Virtualizationmigration-toolkit-virtualization/mtv-ui-rhel8Fix deferred
OpenShift Developer Tools and ServicesodoWill not fix
OpenShift Service Mesh 2openshift-service-mesh/kiali-rhel8Will not fix
OpenShift Service Mesh 2.0openshift-service-mesh/kiali-rhel8Not affected
OpenShift Service Mesh 2.0servicemesh-grafanaNot affected
OpenShift Service Mesh 2.0servicemesh-prometheusNot affected
OpenShift Service Mesh 2.1openshift-service-mesh/kiali-rhel8Affected
OpenShift Service Mesh 2.1servicemesh-grafanaNot affected
OpenShift Service Mesh 2.1servicemesh-prometheusNot affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/application-ui-rhel8Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-185
https://bugzilla.redhat.com/show_bug.cgi?id=2140597loader-utils: Regular expression denial of service

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-37603

CVSS3: 7.5
ubuntu
больше 2 лет назад

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

nvd логотип

CVE-2022-37603

CVSS3: 7.5
nvd
больше 2 лет назад

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

debian логотип

CVE-2022-37603

CVSS3: 7.5
debian
больше 2 лет назад

A Regular expression denial of service (ReDoS) flaw was found in Funct ...

github логотип

GHSA-3rfm-jhwj-7488

CVSS3: 7.5
github
больше 2 лет назад

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable

redos логотип

ROS-20240704-07

CVSS3: 9.8
redos
12 месяцев назад

Множественные уязвимости opensearch-dashboards

7.5 High

CVSS3