PT-2022-24021 · Webpack+2 · Loader-Utils+2

Kundarsowjanya · Published 2022-10-11 · Updated 2025-12-11 · CVE-2022-37599

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: webpack loader-utils version 2.0.0

Description: A regular expression denial of service (ReDoS) flaw was found in the interpolateName function in interpolateName.js via the resourcePath variable. This issue could be exploited by sending crafted requests with badly or maliciously formed strings, causing a system to crash or take a disproportionate amount of time to process.

Recommendations: For version 2.0.0, update to version 2.0.4 to resolve the issue. As a temporary workaround, consider restricting the use of the interpolateName function until a patch is available. Avoid using the resourcePath variable in the affected interpolateName.js file until the issue is resolved.
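
loader-utils is usually pulled in transitively, so several copies at different versions can sit in one dependency tree. The following added example (not code from this advisory or from the loader-utils project) scans a parsed package-lock.json for every installed copy and reports those at the affected version. The function names and the sample lockfile are constructed for illustration, and only 2.0.0 is flagged because that is the version listed above.

```javascript
// Added example: lockfile audit for the affected loader-utils release.
// AFFECTED and FIXED come from the advisory text; all other names are illustrative.
const AFFECTED = "2.0.0";
const FIXED = "2.0.4";

// Collect every installed copy of loader-utils, including nested ones.
function findLoaderUtils(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/loader-utils" || path.endsWith("/node_modules/loader-utils")) {
      hits.push({ path, version: meta.version });
    }
  }
  if (hits.length > 0) return hits; // v2 files repeat the same tree in "dependencies"
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "loader-utils") hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Return one finding per copy that is pinned to the affected version.
function audit(lock) {
  return findLoaderUtils(lock)
    .filter((hit) => hit.version === AFFECTED)
    .map((hit) => `${hit.path}@${hit.version}: update to ${FIXED}`);
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/loader-utils": { version: "2.0.4" },
    "node_modules/css-loader/node_modules/loader-utils": { version: "2.0.0" },
    "node_modules/file-loader/node_modules/loader-utils": { version: "1.4.2" },
  },
};

console.log(audit(sampleLock).join("\n") || "no affected loader-utils copy found");
```

On a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `audit` in place of the sample object.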

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2022-37599
GHSA-HHQ3-FF78-JV3G
MGASA-2025-0194

Affected Products

Confluence
Red Os
Loader-Utils