Lucene search
K

5625 matches found

Veracode
Veracode
added 2022/10/12 2:12 a.m.96 views

Regular Expression Denial Of Service (ReDoS)

loader-utils is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the resourcePath variable in interpolateName.js, allowing an attacker to crash the application by providing a malicious input...

7.5CVSS7.3AI score0.0204EPSS
Exploits0References6Affected Software6
CVE
CVE
added 2022/10/12 12:0 a.m.363 views

CVE-2022-37601

Prototype pollution in webpack loader-utils: parseQuery.js via the name variable affects all versions prior to 1.4.1 and 2.0.3. CVSS v3.1 base score 9.8 (CRITICAL) with high impact on confidentiality, integrity, and availability. Remediation: upgrade loader-utils to 1.4.1+ or 2.0.3+ (patched vers...

9.8CVSS9.1AI score0.02601EPSS
Exploits1References9Affected Software1
Debian CVE
Debian CVE
added 2022/10/12 12:0 a.m.35 views

CVE-2022-37601

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3...

9.8CVSS8.5AI score0.02601EPSS
Exploits1
Cvelist
Cvelist
added 2022/10/12 12:0 a.m.31 views

CVE-2022-37601

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3...

9.5AI score0.02601EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2022/10/12 12:0 a.m.4 views

PT-2022-24022

Name of the Vulnerable Software and Affected Versions loader-utils versions prior to 1.4.1 loader-utils versions prior to 2.0.3 Description The issue is related to a prototype pollution vulnerability in the parseQuery function within parseQuery.js in webpack loader-utils. This vulnerability is...

9.8CVSS7.9AI score0.02601EPSS
Exploits1References32
CNNVD
CNNVD
added 2022/10/12 12:0 a.m.2 views

loader-utils 安全漏洞

loader-utils is a webpack open source utility for the webpack loader. A security vulnerability exists in webpack loader-utils version 2.0.0, which stems from the discovery of a prototype contamination vulnerability contained in the parseQuerys function of parseQuery.js...

9.8CVSS7.2AI score0.02601EPSS
Exploits1References14
Vulnrichment
Vulnrichment
added 2022/10/12 12:0 a.m.24 views

CVE-2022-37601

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3...

6.6AI score0.02601EPSS
Exploits1References9
NVD
NVD
added 2022/10/11 7:15 p.m.23 views

CVE-2022-37599

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js...

7.5CVSS0.0204EPSS
Exploits0References7
OSV
OSV
added 2022/10/11 7:15 p.m.29 views

CVE-2022-37599

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js...

7.5CVSS8.3AI score
Exploits0References7
OSV
OSV
added 2022/10/11 7:15 p.m.2 views

DEBIAN-CVE-2022-37599

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js...

7.5CVSS7.4AI score0.0204EPSS
Exploits0References1
Prion
Prion
added 2022/10/11 7:15 p.m.29 views

Denial of service

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js...

5CVSS7.8AI score0.0204EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2022/10/11 7:15 p.m.48 views

CVE-2022-37599

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js...

7.5CVSS6.8AI score0.0204EPSS
Exploits0References4
OSV
OSV
added 2022/10/11 7:15 p.m.2 views

UBUNTU-CVE-2022-37599

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js...

7.5CVSS6.7AI score0.0204EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/10/11 12:0 a.m.32 views

CVE-2022-37599

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js...

7.6AI score0.0204EPSS
Exploits0References6
CVE
CVE
added 2022/10/11 12:0 a.m.225 views

CVE-2022-37599

CVE-2022-37599: A ReDoS in Function interpolateName (interpolateName.js) in webpack loader-utils 2.0.0 is triggered via the resourcePath variable in interpolateName.js. The Nessus/Confluence entry explicitly ties this CVE to affected Confluence deployments using webpack loader-utils, describing a...

7.5CVSS7.2AI score0.0204EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.3 views

PT-2022-24021

Name of the Vulnerable Software and Affected Versions webpack loader-utils version 2.0.0 Description A Regular expression denial of service ReDoS flaw was found in the interpolateName function in interpolateName.js via the resourcePath variable. This issue could be exploited by sending crafted...

7.5CVSS7.2AI score0.0204EPSS
Exploits0References32
CNNVD
CNNVD
added 2022/10/11 12:0 a.m.2 views

loader-utils 安全漏洞

loader-utils is a webpack open source utility for the webpack loader. A security vulnerability exists in webpack loader-utils version 2.0.0, which stems from the discovery of a regular expression denial of service ReDoS vulnerability contained in the interpolateName function of interpolateName...

7.5CVSS6.9AI score0.0204EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2022/10/05 12:0 a.m.52 views

Debian DSA-5248-1 : php-twig - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5248 advisory. Marlon Starkloff discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This would allow a malicious user to execute arbitrary code. For th...

7.5CVSS7.7AI score0.01488EPSS
Exploits0References6
OSV
OSV
added 2022/10/02 1:45 p.m.5 views

GSD-2022-1006450 efi: capsule-loader: Fix use-after-free in efi_capsule_write

efi: capsule-loader: Fix use-after-free in eficapsulewrite This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.293 by commit...

7.3AI score
Exploits0
OSV
OSV
added 2022/10/02 1:45 p.m.6 views

GSD-2022-1006441 efi: capsule-loader: Fix use-after-free in efi_capsule_write

efi: capsule-loader: Fix use-after-free in eficapsulewrite This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.258 by commit...

7.3AI score
Exploits0
Rows per page
Query Builder