-
Notifications
You must be signed in to change notification settings - Fork 916
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2022-37599 (High) detected in loader-utils-2.0.2.tgz #2560
Labels
cve
Security vulnerabilities detected by Dependabot or Mend
Mend: dependency security vulnerability
Security vulnerability detected by Mend
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
Security vulnerability detected by Mend
label
Oct 12, 2022
mend-for-github-com
bot
changed the title
CVE-2022-37599 (Medium) detected in loader-utils-1.4.0.tgz, loader-utils-2.0.2.tgz
CVE-2022-37599 (High) detected in loader-utils-2.0.2.tgz
Oct 19, 2022
|
There are a lot of packages using |
|
This was referenced Nov 1, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
cve
Security vulnerabilities detected by Dependabot or Mend
Mend: dependency security vulnerability
Security vulnerability detected by Mend
CVE-2022-37599 - High Severity Vulnerability
Vulnerable Library - loader-utils-2.0.2.tgz
utils for webpack loaders
Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.2.tgz
Dependency Hierarchy:
Found in HEAD commit: cba076465f44b6a819e3cff7986ff4cd21a66371
Found in base branch: main
Vulnerability Details
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.
Publish Date: 2022-10-11
URL: CVE-2022-37599
CVSS 3 Score Details (7.5)
Base Score Metrics:
The text was updated successfully, but these errors were encountered: