CVE-2022-37601

Prototype pollution in webpack loader-utils: parseQuery.js via the name variable affects all versions prior to 1.4.1 and 2.0.3. CVSS v3.1 base score 9.8 (CRITICAL) with high impact on confidentiality, integrity, and availability. Remediation: upgrade loader-utils to 1.4.1+ or 2.0.3+ (patched vers...

CVE-2022-37603

CVE-2022-37603 describes a Regular Expression Denial of Service (ReDoS) in webpack-loader-utils, specifically in Function interpolateName.js (interpolateName.js) via the url variable. The issue affects loader-utils v2.0.0 and can lead to DoS conditions in applications that process input using thi...