Regular Expression Denial of Service (ReDoS)
sydseter opened this issue · comments
Description
Regular Expression Denial of Service (ReDoS)
Affecting loader-utils package, versions *
see: https://security.snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943
Expected behavior
This is an issue in loader-utils which require patching.
Currently no fix version exist: https://security.snyk.io/package/npm/loader-utils
Actual behavior
Currently loader-utils has a security vulnerability that requires patching.
Environment
React Hot Loader version:
All
Has been fixed by #1849
pending version release....
It seems that there is a new vulnerability that affects loader-utils 2.0.3 (CVE-2022-37603), it is fixed on loader-utils 2.0.4
Should be fixed for 4.13.1