Bug 2134872 (CVE-2022-37599)
| Summary: | CVE-2022-37599 loader-utils: regular expression denial of service in interpolateName.js | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | juneau |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aazores, abobrov, adudiak, adupliak, aileenc, alampare, alazarot, amctagga, anbehl, asoldano, bbaranow, bbuckingham, bcourt, bdettelb, bmaxwell, boliveir, brian.stansberry, caswilli, cdewolf, chazlett, cluster-maint, cwelton, darran.lofthouse, davidn, dcadzow, dffrench, dfreiber, dhanak, dkenigsb, dkreling, dkuc, dosoudil, drichtar, dymurray, eaguilar, ebaron, ehelms, ellin, emingora, epacific, eric.wittmann, fdeutsch, fdupont, fjansen, fjuma, fmuellner, fzatlouk, gjospin, gmalinko, gparvin, grafana-maint, gzaronik, ibek, ibolton, idevat, idm-ds-dev-bugs, ikanias, ivassile, iweiss, janstey, jary, jburrell, jcammara, jcantril, jhardy, jhorak, jkang, jkoehler, jkurik, jmatthew, jmontleo, jneedle, jobarker, jpallich, jrokos, jshaughn, jsherril, jwendell, jweng, jwong, kaycoth, kshier, kverlaen, lbacciot, lgao, lpetrovi, lzap, mabashia, mhulan, micjohns, mlisik, mnovotny, mosmerov, mpitt, mpospisi, mresvani, msochure, msvehla, mwringe, myarboro, nathans, nboldt, ngough, njean, nmoumoul, nwallace, omular, orabin, oramraz, owatkins, pahickey, pantinor, pcreech, pdelbell, pdrozd, peholase, pjindal, pmackay, psegedy, pskopek, rcernich, rchan, release-test-team-automation, rgodfrey, rguimara, rjohnson, rogbas, rowaters, rrajasek, rravi, rstancel, saroy, scorneli, sfroberg, sgott, shbose, simaishi, slucidi, smaestri, smcdonal, smullick, sseago, stcannon, sthirugn, sthorger, stransky, tcarlin, teagle, tfister, tohughes, tojeline, tom.jenkinson, tpopela, twalsh, vkrizan, vkumar, vmugicag, yguenane, zsadeh |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | loader-utils 1.4.2, loader-utils 2.0.4, loader-utils 3.2.1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS).
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2209311, 2209326, 2134878, 2209312, 2209313, 2209314, 2209315, 2209316, 2209317, 2209322, 2209323, 2209324, 2209325, 2210672, 2210673, 2210674, 2210675, 2210676, 2210677, 2210678, 2210679 | ||
| Bug Blocks: | 2134710 | ||
|
Description
juneau
2022-10-14 14:01:44 UTC
Created cachelib tracking bugs for this issue: Affects: fedora-all [bug 2209313] Created golang-github-prometheus tracking bugs for this issue: Affects: epel-all [bug 2209311] Created mozjs78 tracking bugs for this issue: Affects: fedora-all [bug 2209314] Created pcs tracking bugs for this issue: Affects: fedora-all [bug 2209315] Created seamonkey tracking bugs for this issue: Affects: epel-all [bug 2209312] Affects: fedora-all [bug 2209316] Created yarnpkg tracking bugs for this issue: Affects: fedora-all [bug 2209317] This issue has been addressed in the following products: RHPAM 7.13.4 async Via RHSA-2023:4983 https://access.redhat.com/errata/RHSA-2023:4983 |