Vulnerabilites related to webpack.js - loader-utils
cve-2022-37599
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2024-08-03 10:29
Severity ?
EPSS score ?
Summary
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:29:21.031Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38", }, { tags: [ "x_transferred", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83", }, { tags: [ "x_transferred", ], url: "https://github.com/webpack/loader-utils/issues/211", }, { tags: [ "x_transferred", ], url: "https://github.com/webpack/loader-utils/issues/216", }, { name: "FEDORA-2024-5ecc250449", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/", }, { name: "FEDORA-2024-28fc0c2ef4", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-28T02:06:10.213450", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38", }, { url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83", }, { url: "https://github.com/webpack/loader-utils/issues/211", }, { url: "https://github.com/webpack/loader-utils/issues/216", }, { name: "FEDORA-2024-5ecc250449", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/", }, { name: "FEDORA-2024-28fc0c2ef4", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-37599", datePublished: "2022-10-11T00:00:00", dateReserved: "2022-08-08T00:00:00", dateUpdated: "2024-08-03T10:29:21.031Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-37603
Vulnerability from cvelistv5
Published
2022-10-14 00:00
Modified
2024-08-03 10:29
Severity ?
EPSS score ?
Summary
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:29:21.025Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38", }, { tags: [ "x_transferred", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107", }, { tags: [ "x_transferred", ], url: "https://github.com/webpack/loader-utils/issues/213", }, { name: "FEDORA-2023-86d75130fe", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/", }, { name: "FEDORA-2023-a4f0b29f6c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/", }, { name: "FEDORA-2023-2e38c3756f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-30T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38", }, { url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107", }, { url: "https://github.com/webpack/loader-utils/issues/213", }, { name: "FEDORA-2023-86d75130fe", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/", }, { name: "FEDORA-2023-a4f0b29f6c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/", }, { name: "FEDORA-2023-2e38c3756f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-37603", datePublished: "2022-10-14T00:00:00", dateReserved: "2022-08-08T00:00:00", dateUpdated: "2024-08-03T10:29:21.025Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-37601
Vulnerability from cvelistv5
Published
2022-10-12 00:00
Modified
2024-10-28 19:41
Severity ?
EPSS score ?
Summary
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:29:21.030Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11", }, { tags: [ "x_transferred", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47", }, { tags: [ "x_transferred", ], url: "https://github.com/webpack/loader-utils/issues/212", }, { tags: [ "x_transferred", ], url: "https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884", }, { tags: [ "x_transferred", ], url: "https://dl.acm.org/doi/abs/10.1145/3488932.3497769", }, { tags: [ "x_transferred", ], url: "https://dl.acm.org/doi/pdf/10.1145/3488932.3497769", }, { tags: [ "x_transferred", ], url: "http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf", }, { tags: [ "x_transferred", ], url: "https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826", }, { name: "[debian-lts-announce] 20221231 [SECURITY] [DLA 3258-1] node-loader-utils security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-37601", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-28T19:39:00.731353Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-28T19:41:38.297Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-10T15:59:24.822577", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11", }, { url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47", }, { url: "https://github.com/webpack/loader-utils/issues/212", }, { url: "https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884", }, { url: "https://dl.acm.org/doi/abs/10.1145/3488932.3497769", }, { url: "https://dl.acm.org/doi/pdf/10.1145/3488932.3497769", }, { url: "http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf", }, { url: "https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826", }, { name: "[debian-lts-announce] 20221231 [SECURITY] [DLA 3258-1] node-loader-utils security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-37601", datePublished: "2022-10-12T00:00:00", dateReserved: "2022-08-08T00:00:00", dateUpdated: "2024-10-28T19:41:38.297Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2022-10-12 20:15
Modified
2024-11-21 07:15
Severity ?
Summary
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webpack.js | loader-utils | * | |
| webpack.js | loader-utils | * | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*", matchCriteriaId: "3D129CBD-E544-4159-B270-BB3D49CAFF82", versionEndExcluding: "1.4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*", matchCriteriaId: "83AAE143-8D1E-4D05-B9B0-00EDD0F4262C", versionEndExcluding: "2.0.3", versionStartIncluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.", }, { lang: "es", value: "Una vulnerabilidad de contaminación de prototipos en la función parseQuery en el archivo parseQuery.js en webpack loader-utils 2.0.0 por medio de la variable name en parseQuery.js", }, ], id: "CVE-2022-37601", lastModified: "2024-11-21T07:15:02.190", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-12T20:15:11.263", references: [ { source: "cve@mitre.org", tags: [ "Technical Description", ], url: "http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf", }, { source: "cve@mitre.org", tags: [ "Technical Description", ], url: "https://dl.acm.org/doi/abs/10.1145/3488932.3497769", }, { source: "cve@mitre.org", tags: [ "Technical Description", ], url: "https://dl.acm.org/doi/pdf/10.1145/3488932.3497769", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/issues/212", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", ], url: "http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", ], url: "https://dl.acm.org/doi/abs/10.1145/3488932.3497769", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", ], url: "https://dl.acm.org/doi/pdf/10.1145/3488932.3497769", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/issues/212", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/issues/212#issuecomment-1319192884", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00044.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1321", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-14 16:15
Modified
2024-11-21 07:15
Severity ?
Summary
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webpack.js | loader-utils | * | |
| webpack.js | loader-utils | * | |
| webpack.js | loader-utils | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*", matchCriteriaId: "2D80B42D-76ED-4230-96B9-15EB1830D9E5", versionEndExcluding: "1.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*", matchCriteriaId: "F4F9E61F-7368-4FB3-9F31-961DE4EC04A1", versionEndExcluding: "2.0.4", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*", matchCriteriaId: "A8197168-0B7C-4BD0-B378-251CAA956A60", versionEndExcluding: "3.2.1", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.", }, { lang: "es", value: "Se ha encontrado un fallo de denegación de servicio de expresión Regular (ReDoS) en la función interpolateName en el archivo interpolateName.js en webpack loader-utils 2.0.0 por medio de la variable url en interpolateName.js", }, ], id: "CVE-2022-37603", lastModified: "2024-11-21T07:15:02.577", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-14T16:15:12.647", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/issues/213", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/issues/213", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1333", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-11 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webpack.js | loader-utils | * | |
| webpack.js | loader-utils | * | |
| webpack.js | loader-utils | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*", matchCriteriaId: "8EDECB44-867A-46C6-A407-AEFB5C1A69E7", versionEndExcluding: "1.4.2", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*", matchCriteriaId: "F4F9E61F-7368-4FB3-9F31-961DE4EC04A1", versionEndExcluding: "2.0.4", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*", matchCriteriaId: "A8197168-0B7C-4BD0-B378-251CAA956A60", versionEndExcluding: "3.2.1", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.", }, { lang: "es", value: "Se ha encontrado un fallo de Denegación de Servicio de Expresión Regular (ReDoS) en la función interpolateName en el archivo interpolateName.js en webpack loader-utils 2.0.0 por medio de la variable resourcePath en el archivo interpolateName.js", }, ], id: "CVE-2022-37599", lastModified: "2024-11-21T07:15:02.003", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-11T19:15:11.853", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/issues/211", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/issues/216", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/issues/211", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/webpack/loader-utils/issues/216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1333", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }