CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2022-37603 – loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service
https://notcve.org/view.php?id=CVE-2022-37603
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. Se ha encontrado un fallo de denegación de servicio de expresión Regular (ReDoS) en la función interpolateName en el archivo interpolateName.js en webpack loader-utils 2.0.0 por medio de la variable url en interpolateName.js A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component. The package loader-utils before 1.4.2, from 2.0.0 and before 2.0.4 as well as versions from 3.0.0 but below 3.2.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the resourcePath variable due to insecure usage of regular expressions. • https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107 https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38 https://github.com/webpack/loader-utils/issues/213 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375 https://lists.fedoraproject.org& • CWE-185: Incorrect Regular Expression CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-37599 – loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service
https://notcve.org/view.php?id=CVE-2022-37599
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. Se ha encontrado un fallo de Denegación de Servicio de Expresión Regular (ReDoS) en la función interpolateName en el archivo interpolateName.js en webpack loader-utils 2.0.0 por medio de la variable resourcePath en el archivo interpolateName.js A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS). The package loader-utils before 1.4.2, from 2.0.0 and before 2.0.4 as well as versions from 3.0.0 but below 3.2.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the interpolateName function due to insecure usage of regular expressions. Some WordPress plugins and themes use this dependency, however, are not vulnerable to exploitation. • https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38 https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83 https://github.com/webpack/loader-utils/issues/211 https://github.com/webpack/loader-utils/issues/216 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message& • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •