Hide Forgot
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. The prototype pollution vulnerability can be mitigated with several best practices described here: https://learn.snyk.io/lessons/prototype-pollution/javascript/
Created golang-github-prometheus tracking bugs for this issue: Affects: epel-all [bug 2140598]
Created cockatrice tracking bugs for this issue: Affects: fedora-all [bug 2140606] Created couchdb tracking bugs for this issue: Affects: fedora-all [bug 2140607] Created golang-entgo-ent tracking bugs for this issue: Affects: fedora-all [bug 2140608] Created grafana tracking bugs for this issue: Affects: fedora-all [bug 2140609] Created mozjs68 tracking bugs for this issue: Affects: fedora-all [bug 2140610] Created mozjs78 tracking bugs for this issue: Affects: fedora-all [bug 2140611] Created seamonkey tracking bugs for this issue: Affects: epel-all [bug 2140605] Affects: fedora-all [bug 2140612] Created yarnpkg tracking bugs for this issue: Affects: fedora-all [bug 2140613] Created zuul tracking bugs for this issue: Affects: fedora-all [bug 2140614]
This issue has been addressed in the following products: RHOL-5.5-RHEL-8 Via RHSA-2022:8781 https://access.redhat.com/errata/RHSA-2022:8781
This issue has been addressed in the following products: Migration Toolkit for Runtimes 1 on RHEL 8 Via RHSA-2023:0471 https://access.redhat.com/errata/RHSA-2023:0471
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-37603