CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

IBM Security Bulletins•added 2023/04/13 10:57 a.m.•38 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to [CVE-2022-37603]

Summary Node.js module loader-utils is used by IBM App Connect Enterprise Certified Container by DesignerAuthoring operands. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service. This bulletin provides patch information to address the...

7.5CVSS8.2AI score0.01331EPSS

Exploits1Affected Software1

Tenable Nessus•added 2023/03/30 12:0 a.m.•41 views

Fedora 38 : yarnpkg (2023-2e38c3756f)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2e38c3756f advisory. Apply fix for CVE-2022-37603. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

Tenable Nessus•added 2023/03/29 12:0 a.m.•33 views

Exploits2References3

Fedora 37 : yarnpkg (2023-86d75130fe)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-86d75130fe advisory. Apply fix for CVE-2022-37603. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

RedHat Linux•added 2023/03/01 9:45 p.m.•2 views

Exploits2References3

loader-utils: Regular expression denial of service

A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service ReDoS, affecting the availability of the affected component...

RedHat Linux•added 2023/02/28 12:50 a.m.•46 views

Important: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.0.1 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

9.8CVSS6.8AI score0.42304EPSS

Exploits7References31

RedHat Linux•added 2023/01/26 12:14 p.m.•3 views

loader-utils: Regular expression denial of service

RedHat Linux•added 2023/01/26 12:14 p.m.•55 views

Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

An update is now available for Migration Toolkit for Runtimes v1.0.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS6.8AI score0.03874EPSS

Exploits4References8

IBM Security Bulletins•added 2023/01/03 9:16 a.m.•45 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to loader-utils CVE-2022-37599

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to loader-utils CVE-2022-37599 with details below Vulnerability Details CVEID:CVE-2022-37599 DESCRIPTION: loader-utils is vulnerable to a denial of service, caused by a regular expression denial of...

7.5CVSS8.1AI score0.04206EPSS

Exploits0Affected Software1

Tenable Nessus•added 2023/01/01 12:0 a.m.•45 views

Debian dla-3258 : node-loader-utils - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3258 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3258-1 [email protected] https://www.debian.org/lts/security/...

9.8CVSS7.9AI score0.18844EPSS

OpenVAS•added 2023/01/01 12:0 a.m.•21 views

Debian: Security Advisory (DLA-3258-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.18844EPSS

Debian•added 2022/12/31 4:24 p.m.•34 views

[SECURITY] [DLA 3258-1] node-loader-utils security update

Debian LTS Advisory DLA-3258-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin December 31, 2022 https://wiki.debian.org/LTS Package : node-loader-utils Version : 1.1.0-2+deb10u1 CVE ID : CVE-2022-37601 Supraja Baskar discovered prototype pollution vulnerability in...

9.8CVSS6.7AI score0.18844EPSS

OSV•added 2022/12/31 12:0 a.m.•50 views

DLA-3258-1 node-loader-utils - security update

Bulletin has no description...

9.8CVSS8.8AI score0.18844EPSS

Veracode•added 2022/11/16 5:59 a.m.•25 views

Prototype Pollution

node-loader-utils is vulnerable to Prototype Pollution. The vulnerability exists in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js which allows an attacker to cause a prototype pollution...

9.8CVSS8.6AI score0.18844EPSS

Exploits1References10Affected Software5

RedhatCVE•added 2022/11/07 10:56 a.m.•101 views

CVE-2022-37603

7.5CVSS3.4AI score0.01331EPSS

Exploits1References3

Veracode•added 2022/10/16 9:39 p.m.•41 views

Regular Expression Denial Of Service (ReDoS)

loader-utils is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to insecure regular expression in the url variable of the interpolateName function in interpolateName.js. A remote attacker can cause denial of service via malicious regex...

7.5CVSS8.2AI score0.01331EPSS

Exploits1References13Affected Software7

vulnersOsv•added 2022/10/14 7:0 p.m.•2 views

@alfresco/adf-testing (=6.0.0-A.2-8258), @angular-architects/build-angular (=14.2.0-next.0) +54 more potentially affected by CVE-2022-37603 via loader-utils (>=3.0.0 <=3.2.0)

loader-utils NPM version =3.0.0, =0.9.2, =13.0.0, =1.0.0, =1.3.1, =13.0.0-rc.18, =3.9.0, =13.0.0, =0.1.0, =1.7.4, =4.7.1-beta.0, =4.7.1-beta.0, =9.1.3-beta.1 and more Source cves: CVE-2022-37603 Source advisory: OSV:GHSA-3RFM-JHWJ-7488...