logo

Database

Asymmetric denial of service - ReDoS In loader-utils

Description

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

1-10 of 11

10

Aliases

1. CVE-2022-376032. NVD-2022-376033. OSV-2022-376034. OSV-DEBIAN-2022-376035. GCVE-2022-376036. SECURITY-TRACKER-CVE-2022-37603

References

1. https://github.com/webpack/loader-utils/issues/2132. https://github.com/webpack/loader-utils/issues/2163. https://github.com/webpack/loader-utils/commit/17cbf8fa8989c1cb45bdd2997aa524729475f1fa4. https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb5. https://github.com/webpack/loader-utils/commit/d2d752d59629daee38f34b24307221349c490eb16. https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L1077. https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L388. https://lists.fedoraproject.org/archives/list/[email protected]/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM9. https://lists.fedoraproject.org/archives/list/[email protected]/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH37510. https://lists.fedoraproject.org/archives/list/[email protected]/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.