16 matches found
Security Bulletin: IBM Storage Fusion Data Foundation is affected DOS caused by specially crafted regex or prototype pollution flaw (CVE-2022-37599, CVE-2022-37603, CVE-2022-37601)
Summary IBM Storage Fusion Data Foundation is used by IBM Storage Fusion Data Foundation. The application server takes input and crafted regex can cause the exploit to Denial of service. CVE-2022-37599, CVE-2022-37603, CVE-2022-37601. Vulnerability Details CVEID:CVE-2022-37599 DESCRIPTION:...
Linux Distros Unpatched Vulnerability : CVE-2022-37599
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath...
RHEL 7 : loader-utils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - loader-utils: prototype pollution in function parseQuery in parseQuery.js CVE-2022-37601 - A Regular...
RHEL 6 : loader-utils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - loader-utils: prototype pollution in function parseQuery in parseQuery.js CVE-2022-37601 - A Regular...
Fedora: Security Advisory (FEDORA-2024-28fc0c2ef4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for yarnpkg (FEDORA-2024-5ecc250449)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may vulnerable to denial of service, spoofing attacks via dependent JavaScript libraries (CVE-2021-23440, CVE-2018-25031, CVE-2022-46175, CVE-2022-37599, CVE-2022-37603)
Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be affected by vulnerabilities in set-value Node.js, swagger-ui, JSON5, webpack/loader-utils. Vulnerabilities include access of resources using improper type leading to denial o...
CVE-2022-37599
A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service ReDoS. Mitigation Mitigation for this issue is either not available or the...
Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises
Summary IBM Engineering Requirements Quality Assistant On-Premises affected by multiple vulnerabilities due to which an attacker could exploit this vulnerability to execute arbitrary code on the system and cause the application to crash cause a denial of service condition on the system. This...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-37599 DESCRIPTION: loader-utils is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the interpolateName.js script. By sending...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-37601 DESCRIPTION: webpack loader-utils could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the parseQuery function in...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to loader-utils CVE-2022-37599
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to loader-utils CVE-2022-37599 with details below Vulnerability Details CVEID:CVE-2022-37599 DESCRIPTION: loader-utils is vulnerable to a denial of service, caused by a regular expression denial of...
@alfresco/adf-testing (=6.0.0-A.2-8258), @angular-architects/build-angular (=14.2.0-next.0) +54 more potentially affected by CVE-2022-37599 via loader-utils (>=3.0.0 <=3.2.0)
loader-utils NPM version =3.0.0, =0.9.2, =13.0.0, =1.0.0, =1.3.1, =13.0.0-rc.18, =3.9.0, =13.0.0, =0.1.0, =1.7.4, =4.7.1-beta.0, =4.7.1-beta.0, =9.1.3-beta.1 and more Source cves: CVE-2022-37599 Source advisory: OSV:GHSA-HHQ3-FF78-JV3G...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +14881 more potentially affected by CVE-2022-37599 via loader-utils (>=1.0.0 <=1.4.1)
loader-utils NPM version =1.0.0, =1.0.1, =1.0.5, =0.1.0, =0.1.0, =1.0.3, =0.1.0, =0.1.2, =0.0.2, =0.3.0, =0.1.4, =0.1.6 and more Source cves: CVE-2022-37599 Source advisory: OSV:GHSA-HHQ3-FF78-JV3G...
DEBIAN-CVE-2022-37599
A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js...
CVE-2022-37599
CVE-2022-37599: A ReDoS in Function interpolateName (interpolateName.js) in webpack loader-utils 2.0.0 is triggered via the resourcePath variable in interpolateName.js. The Nessus/Confluence entry explicitly ties this CVE to affected Confluence deployments using webpack loader-utils, describing a...