NodeJS/loader-utils/3.1.1
utils for webpack loaders
https://www.npmjs.com/package/loader-utils
MIT
2 Security Vulnerabilities
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
- https://nvd.nist.gov/vuln/detail/CVE-2022-37603
- https://github.com/webpack/loader-utils/issues/213
- https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107
- https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38
- https://github.com/webpack/loader-utils/issues/216
- https://github.com/advisories/GHSA-3rfm-jhwj-7488
- https://github.com/webpack/loader-utils/commit/17cbf8fa8989c1cb45bdd2997aa524729475f1fa
- https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb
- https://github.com/webpack/loader-utils/commit/d2d752d59629daee38f34b24307221349c490eb1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
- https://nvd.nist.gov/vuln/detail/CVE-2022-37599
- https://github.com/webpack/loader-utils/issues/211
- https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38
- https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83
- https://github.com/webpack/loader-utils/issues/216
- https://github.com/webpack/loader-utils/commit/36dc86617930a5cf18af51cf3f53d0ee284d2824
- https://github.com/advisories/GHSA-hhq3-ff78-jv3g
- https://github.com/webpack/loader-utils/commit/17cbf8fa8989c1cb45bdd2997aa524729475f1fa
- https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb
- https://github.com/webpack/loader-utils/commit/d2d752d59629daee38f34b24307221349c490eb1
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ
A regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils via the resourcePath variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.
47 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
3.2.1 | MIT | 2022-11-11 - 00:25 | over 1 year | |
3.2.0 | MIT | 2 | 2021-11-11 - 15:42 | over 2 years |
3.1.3 | MIT | 2 | 2021-11-04 - 15:23 | over 2 years |
3.1.2 | MIT | 2 | 2021-11-04 - 14:46 | over 2 years |
3.1.1 | MIT | 2 | 2021-11-04 - 14:29 | over 2 years |
3.1.0 | MIT | 2 | 2021-10-29 - 13:18 | over 2 years |
3.0.0 | MIT | 2 | 2021-10-20 - 14:11 | over 2 years |
2.0.4 | MIT | 2022-11-11 - 00:32 | over 1 year | |
2.0.3 | MIT | 2 | 2022-10-20 - 20:00 | over 1 year |
2.0.2 | MIT | 3 | 2021-11-04 - 15:07 | over 2 years |
2.0.1 | MIT | 3 | 2021-10-29 - 13:48 | over 2 years |
2.0.0 | MIT | 3 | 2020-03-17 - 11:38 | about 4 years |
1.4.2 | MIT | 2022-11-11 - 00:35 | over 1 year | |
1.4.1 | MIT | 2 | 2022-11-07 - 20:42 | over 1 year |
1.4.0 | MIT | 3 | 2020-02-19 - 17:33 | about 4 years |
1.3.0 | MIT | 3 | 2020-02-19 - 17:06 | about 4 years |
1.2.3 | MIT | 3 | 2018-12-27 - 12:22 | over 5 years |
1.2.2 | MIT | 3 | 2018-12-27 - 10:30 | over 5 years |
1.2.1 | MIT | 3 | 2018-12-25 - 12:28 | over 5 years |
1.2.0 | MIT | 3 | 2018-12-24 - 18:13 | over 5 years |
1.1.0 | MIT | 3 | 2017-03-16 - 14:05 | about 7 years |
1.0.4 | MIT | 3 | 2017-03-14 - 10:56 | about 7 years |
1.0.3 | JSF | 3 | 2017-03-06 - 14:02 | about 7 years |
1.0.2 | MIT | 3 | 2017-02-21 - 15:37 | about 7 years |
1.0.1 | MIT | 3 | 2017-02-21 - 14:54 | about 7 years |
1.0.0 | MIT | 3 | 2017-02-20 - 23:17 | about 7 years |
0.2.17 | MIT | 1 | 2017-02-20 - 22:56 | about 7 years |
0.2.16 | MIT | 1 | 2016-09-14 - 21:56 | over 7 years |
0.2.15 | MIT | 1 | 2016-05-13 - 14:10 | almost 8 years |
0.2.14 | MIT | 1 | 2016-04-09 - 13:28 | about 8 years |
0.2.13 | MIT | 1 | 2016-03-24 - 19:16 | about 8 years |
0.2.12 | MIT | 1 | 2015-11-23 - 21:50 | over 8 years |
0.2.11 | MIT | 1 | 2015-07-18 - 16:26 | almost 9 years |
0.2.10 | MIT | 1 | 2015-06-16 - 18:57 | almost 9 years |
0.2.9 | MIT | 1 | 2015-05-22 - 06:56 | almost 9 years |
0.2.8 | MIT | 1 | 2015-05-21 - 20:32 | almost 9 years |
0.2.7 | MIT | 1 | 2015-04-09 - 21:04 | about 9 years |
0.2.6 | MIT | 1 | 2015-01-11 - 08:48 | over 9 years |
0.2.5 | MIT | 1 | 2014-10-11 - 15:38 | over 9 years |
0.2.4 | MIT | 1 | 2014-09-24 - 19:04 | over 9 years |
0.2.3 | MIT | 1 | 2014-07-07 - 11:02 | almost 10 years |
0.2.2 | MIT | 1 | 2014-03-31 - 07:42 | about 10 years |
0.2.1 | MIT | 1 | 2013-03-25 - 22:59 | about 11 years |
0.2.0 | MIT | 1 | 2013-02-01 - 07:47 | over 11 years |
0.1.2 | MIT | 1 | 2012-11-11 - 09:32 | over 11 years |
0.1.1 | MIT | 1 | 2012-11-06 - 15:14 | over 11 years |
0.1.0 | MIT | 1 | 2012-11-02 - 09:04 | over 11 years |