westonphillips / CheckmarxOnePOV

This repo will be used for Checkmarx ONE POV
MIT License

CVE-2022-37599 @ Npm-loader-utils-2.0.0 #159

Open westonphillips opened 1 year ago

westonphillips commented 1 year ago

Vulnerable Package issue exists @ Npm-loader-utils-2.0.0 in branch main

A Regular expression Denial of Service (ReDoS) flaw was found in loader-utils versions 1.0.0 through 1.4.1, 2.0.0 through 2.0.3, and 3.0.0 through 3.2.0. The affected function is "interpolateName" in the "interpolateName.js" file via the "resourcePath" variable.

Namespace: westonphillips
Repository: CheckmarxOnePOV
Repository Url: https://github.com/westonphillips/CheckmarxOnePOV
CxAST-Project: westonphillips/CheckmarxOnePOV
CxAST platform scan: 6a8170d0-38fa-4efc-81df-42628474102c
Branch: main
Application: CheckmarxOnePOV
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-1333


Additional Info

Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH

Remediation

Upgrade Recommendation: 2.0.4

