3 matches found
CVE-2022-37601
Prototype pollution in webpack loader-utils: parseQuery.js via the name variable affects all versions prior to 1.4.1 and 2.0.3. CVSS v3.1 base score 9.8 (CRITICAL) with high impact on confidentiality, integrity, and availability. Remediation: upgrade loader-utils to 1.4.1+ or 2.0.3+ (patched vers...
CVE-2022-37603
CVE-2022-37603 describes a Regular Expression Denial of Service (ReDoS) in webpack-loader-utils, specifically in Function interpolateName.js (interpolateName.js) via the url variable. The issue affects loader-utils v2.0.0 and can lead to DoS conditions in applications that process input using thi...
CVE-2022-37599
CVE-2022-37599: A ReDoS in Function interpolateName (interpolateName.js) in webpack loader-utils 2.0.0 is triggered via the resourcePath variable in interpolateName.js. The Nessus/Confluence entry explicitly ties this CVE to affected Confluence deployments using webpack loader-utils, describing a...