CVE Vulnerability

CVE-2022-37599

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38 Third Party Advisory
https://github.com/webpack/loader-utils/issues/211 Issue Tracking Third Party Advisory
https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83 Third Party Advisory
https://github.com/webpack/loader-utils/issues/216 Issue Tracking Patch
Configurations

Configuration 1

cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*
cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*
cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*
Information

Published : 2022-10-11 07:15

Updated : 2023-02-09 01:50

NVD link : CVE-2022-37599

Mitre link : CVE-2022-37599

Products Affected
No products.
CWE
NVD-CWE-Other