37 matches found
MAL-2025-191154 Malicious code in webpack-loader-httpfile (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dac614016dd648eebd83cab4f9c04585d52439a98b69d5e02694cb48119dfd96 The package webpack-loader-httpfile was found to contain malicious code. Source: ghsa-malware...
Malicious code in webpack-loader-httpfile (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dac614016dd648eebd83cab4f9c04585d52439a98b69d5e02694cb48119dfd96 The package webpack-loader-httpfile was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199194
Malicious code in webpack-loader-httpfile npm...
Malicious code in webpack-css-branch-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c3abce2732c0f6e7c2ee0eac71d52075273095303405274ebc0b32dd072c82a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-32963
Malicious code in webpack-loader-css-branch npm...
Malicious code in webpack-loader-css-branch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 229ffddcb27b696e6b64ac9e852913efc9cb7db2c9fbe5df5ec27be21dd18080 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48085 Malicious code in webpack-loader-css-branch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 229ffddcb27b696e6b64ac9e852913efc9cb7db2c9fbe5df5ec27be21dd18080 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2022-7006
Malicious code in bioql PyPI...
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.
...
Linux Distros Unpatched Vulnerability : CVE-2022-37603
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to to prototype pollution due to webpack loader-utils ( CVE-2022-37601 )
Summary Potential vulnerabilities in webpack loader-utils module has been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-37601 DESCRIPTION: Prototype pollution vulnerability in function parseQuery in parseQuery....
Linux Distros Unpatched Vulnerability : CVE-2022-37601
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all...
loader-utils: prototype pollution in function parseQuery in parseQuery.js
A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution...
Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities
Summary IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils CVE-2022-37601 is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone CVE-2021-3563 is vulnerable to bypass security restriction...
CVE-2022-37599
A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service ReDoS. Mitigation Mitigation for this issue is either not available or the...
Fedora 37 : yarnpkg (2023-86d75130fe)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-86d75130fe advisory. Apply fix for CVE-2022-37603. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
Prototype Pollution
node-loader-utils is vulnerable to Prototype Pollution. The vulnerability exists in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js which allows an attacker to cause a prototype pollution...
GHSA-3RFM-JHWJ-7488 loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take ...
CVE-2022-37603
A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js...
CVE-2022-37603
A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js...