Open mend-bolt-for-github[bot] opened 11 months ago
loader-utils-1.4.0.tgz
utils for webpack loaders
Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-1.4.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy: - @airbnb-clone/client-1.0.0.tgz (Root Library) - next-pwa-5.2.24.tgz - babel-loader-8.2.2.tgz - :x: **loader-utils-1.4.0.tgz** (Vulnerable Library)
Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-1.2.3.tgz
Dependency Hierarchy: - @airbnb-clone/client-1.0.0.tgz (Root Library) - next-11.0.1.tgz - styled-jsx-3.3.2.tgz - :x: **loader-utils-1.2.3.tgz** (Vulnerable Library)
Found in HEAD commit: fb58f1e27d0cb59d5d7b00c9e41d86cc6468fc94
Found in base branch: main
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.
Publish Date: 2022-10-14
URL: CVE-2022-37603
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-3rfm-jhwj-7488
Release Date: 2022-10-14
Fix Resolution: loader-utils - 1.4.2,2.0.4,3.2.1
Step up your Open Source Security Game with Mend here
CVE-2022-37603 - High Severity Vulnerability
loader-utils-1.4.0.tgz
utils for webpack loaders
Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-1.4.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy: - @airbnb-clone/client-1.0.0.tgz (Root Library) - next-pwa-5.2.24.tgz - babel-loader-8.2.2.tgz - :x: **loader-utils-1.4.0.tgz** (Vulnerable Library)
loader-utils-1.2.3.tgz
utils for webpack loaders
Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-1.2.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy: - @airbnb-clone/client-1.0.0.tgz (Root Library) - next-11.0.1.tgz - styled-jsx-3.3.2.tgz - :x: **loader-utils-1.2.3.tgz** (Vulnerable Library)
Found in HEAD commit: fb58f1e27d0cb59d5d7b00c9e41d86cc6468fc94
Found in base branch: main
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.
Publish Date: 2022-10-14
URL: CVE-2022-37603
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/advisories/GHSA-3rfm-jhwj-7488
Release Date: 2022-10-14
Fix Resolution: loader-utils - 1.4.2,2.0.4,3.2.1
Step up your Open Source Security Game with Mend here