PT-2022-24024 · Webpack+2 · Webpack Loader-Utils+2

Secdevlpr26 · Published 2022-10-14 · Updated 2025-12-11 · CVE-2022-37603

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

webpack loader-utils version 2.0.0
webpack loader-utils versions prior to 1.4.2
webpack loader-utils versions prior to 2.0.4
webpack loader-utils versions prior to 3.2.1

Description

A regular expression denial of service (ReDoS) flaw was found in the interpolateName function in interpolateName.js in webpack loader-utils via the url variable. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportionate amount of time to process.

Recommendations

For version 2.0.0, update to version 2.0.4 or later to resolve the issue.
For versions prior to 1.4.2, update to version 1.4.2 or later to resolve the issue.
For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue.

As a temporary workaround, consider restricting the use of the interpolateName function in interpolateName.js until a patch is applied. Avoid using the url variable in the affected interpolateName.js file until the issue is resolved.
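
The version guidance above can be checked against a project's dependency tree. The following is an added example, not code from this advisory or from loader-utils: it walks an npm lockfile and reports every installed loader-utils copy that falls below the fixed release. It assumes the npm v2/v3 lockfile layout with a `packages` map, and it assumes each fixed version listed on this page applies to its own major release line; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: not code from the advisory or from loader-utils.
// Fixed releases are the ones listed on this page; mapping each one to its
// major release line (0.x/1.x, 2.x, 3.x) is an assumption of this example.
const FIXED = { 1: [1, 4, 2], 2: [2, 0, 4], 3: [3, 2, 1] };

// Parse "MAJOR.MINOR.PATCH", ignoring any pre-release or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Return the fixed version to upgrade to, or null if the version is not affected.
function fixedVersionFor(version) {
  const parsed = parseVersion(version);
  if (!parsed) throw new Error(`unparseable version: ${version}`);
  const line = Math.max(parsed[0], 1); // 0.x counts as "prior to 1.4.2"
  const fixed = FIXED[line];
  if (!fixed) return null; // release lines this page does not list
  for (let i = 0; i < 3; i++) {
    if (parsed[i] !== fixed[i]) return parsed[i] < fixed[i] ? fixed.join('.') : null;
  }
  return null; // exactly the fixed release
}

// Walk the lockfile "packages" map and report each affected loader-utils copy,
// including copies nested under other loaders.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/loader-utils') || !meta.version) continue;
    const upgradeTo = fixedVersionFor(meta.version);
    if (upgradeTo) findings.push({ path, installed: meta.version, upgradeTo });
  }
  return findings;
}

// Constructed sample lockfile fragment (not taken from a real project).
const sampleLock = { packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/loader-utils': { version: '2.0.0' },
  'node_modules/css-loader/node_modules/loader-utils': { version: '1.4.0' },
  'node_modules/file-loader/node_modules/loader-utils': { version: '3.2.1' },
  'node_modules/babel-loader/node_modules/loader-utils': { version: '2.0.4' },
}};

console.log(auditLockfile(sampleLock));
```

To audit a real project, pass the parsed contents of its package-lock.json to `auditLockfile` in place of the sample object.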

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2022-37603
GHSA-3RFM-JHWJ-7488
RHSA-2023:1043
RHSA-2023:1044
RHSA-2023:1045

Affected Products

Confluence
Red Os
Webpack Loader-Utils