Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.
Issue description
A vulnerability in the loader-utils package has been identified and needs to be addressed.
Resources:
https://github.com/NCIOCPL/sitewide-search-app/security/dependabot/79
Notes
Running npm audit does highlight this as an issue, and it would seem resolve-url-loader is the culprit with the vulnerable version of the package. There are two other high vulnerability issues that use DoS to exploit vulnerabilities just like the loader-utils. Running npm audit fix clears the loader-utils issue along with some others.
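
One way to confirm which dependency pulls in an affected copy, as an added example that is not part of the original issue or the project's code: it scans an npm lockfile's packages map for loader-utils copies below the 2.0.3 fix version quoted above and reports the package requiring each one. The sample lockfile, its versions and the function names are constructed for illustration, and a single fix threshold is assumed.

```javascript
// Added example: list loader-utils copies below the fixed version in an npm
// lockfile ("packages" map, lockfileVersion 2/3) and the package requiring each.
const FIXED = "2.0.3"; // fix version quoted in this issue; assumed single threshold

// Compare plain x.y.z versions (pre-release tags ignored): <0, 0 or >0.
function cmp(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

function findVulnerable(lock, name = "loader-utils", fixed = FIXED) {
  const pkgs = lock.packages || {};
  const suffix = "node_modules/" + name;
  const short = (p) => p.split("node_modules/").pop();
  const hits = [];
  for (const [path, meta] of Object.entries(pkgs)) {
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    if (!meta.version || cmp(meta.version, fixed) >= 0) continue;
    const parent = path.slice(0, -suffix.length).replace(/\/$/, "");
    // Nested copy: the enclosing package requires it. Hoisted copy: every
    // package that declares the dependency and has no nested copy of its own.
    const requiredBy = parent
      ? [short(parent)]
      : Object.entries(pkgs)
          .filter(([p, m]) => p && m.dependencies && name in m.dependencies
            && !(p + "/" + suffix in pkgs))
          .map(([p]) => short(p));
    hits.push({ path, version: meta.version, requiredBy });
  }
  return hits;
}

// Constructed sample lockfile (versions are illustrative, not the project's).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app" },
    "node_modules/loader-utils": { version: "2.0.4" },
    "node_modules/css-loader": { dependencies: { "loader-utils": "^2.0.0" } },
    "node_modules/resolve-url-loader": { dependencies: { "loader-utils": "1.2.3" } },
    "node_modules/resolve-url-loader/node_modules/loader-utils": { version: "1.2.3" },
  },
};
console.log(findVulnerable(sampleLock));
```

To run it against a real project, pass the parsed contents of package-lock.json in place of sampleLock.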