CVE-2022-37599

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.

References

Affected packages

Git / github.com/webpack/loader-utils

Affected ranges

Type

GIT

Repo

https://github.com/webpack/loader-utils

Events

Introduced

8cda6ab3c53791851b1528b3d7d8d7f537ae344f

Fixed

331ad5067d9a1a7b8d646692e6959639969210d1

Introduced

d9f4e23cf411d8556f8bac2d3bf05a6e0103b568

Fixed

6688b5028106f144ee9f543bebc8e6a87b57829f

Introduced

e1e9f895df7802a859a0e627081fc8fb5ddd7c86

Fixed

a3fd3ca1a5287d217a2370b0902997544e6b9aa9

Database specific

{
    "extracted_events": [
        {
            "introduced": "1.0.0"
        },
        {
            "fixed": "1.4.2"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.4"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.2.1"
        }
    ],
    "cpe": "cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD"
}

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.3.0

v1.4.0

v1.4.1

v2.*

v2.0.0

v2.0.1

v2.0.3

v3.*

v3.0.0

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.2.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-37599.json"