npm package
loader-utils
pkg:npm/loader-utils
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-37603 | — | >= 1.0.0, < 1.4.2 | 1.4.2 | Oct 14, 2022 | A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. | ||
| CVE-2022-37601 | — | >= 2.0.0, < 2.0.3 | 2.0.3 | Oct 12, 2022 | Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3. | ||
| CVE-2022-37599 | — | >= 1.0.0, < 1.4.2 | 1.4.2 | Oct 11, 2022 | A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. |
- CVE-2022-37603Oct 14, 2022affected >= 1.0.0, < 1.4.2fixed 1.4.2
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.
- CVE-2022-37601Oct 12, 2022affected >= 2.0.0, < 2.0.3fixed 2.0.3
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.
- CVE-2022-37599Oct 11, 2022affected >= 1.0.0, < 1.4.2fixed 1.4.2
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.