Regular Expression Denial of Service (ReDoS)

Question

sydseter opened this issue 2 years ago · comments

Regular Expression Denial of Service (ReDoS)
Affecting loader-utils package, versions *

This is an issue in loader-utils which require patching.
Currently no fix version exist: https://security.snyk.io/package/npm/loader-utils

Currently loader-utils has a security vulnerability that requires patching.

React Hot Loader version:

All

Anton Korzunov · Answer 1 · Thu Nov 10 2022 08:54:06 GMT+0800 (China Standard Time)

Has been fixed by #1849
pending version release....

LUCAS SOARES DO REGO · Answer 2 · Wed Dec 07 2022 00:47:48 GMT+0800 (China Standard Time)

It seems that there is a new vulnerability that affects loader-utils 2.0.3 (CVE-2022-37603), it is fixed on loader-utils 2.0.4

Johan Sydseter · Answer 3 · Wed Jan 04 2023 21:56:25 GMT+0800 (China Standard Time)

Should be fixed for 4.13.1