A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Jboss Data Grid
  • Logging
  • Migration Toolkit Applications
  • Migration Toolkit Runtimes
  • Red Hat Single Sign On
  • Rhmt
  • Rhosemc
Webpack.js
  • Loader-utils

Configuration 1 [-]

OR cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*
cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*
cpe:2.3:a:webpack.js:loader-utils:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Migration Toolkit for Runtimes 1 on RHEL 8
loader-utils cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 RHSA-2023:0471 2023-01-26T00:00:00Z
loader-utils cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 RHSA-2023:3374 2023-05-31T00:00:00Z
MTA-6.0-RHEL-8
mta/mta-ui-rhel8:6.0.1-10 cpe:/a:redhat:migration_toolkit_applications:6.0::el8 RHSA-2023:0934 2023-02-28T00:00:00Z
Red Hat Data Grid 8.4.1
loader-utils cpe:/a:redhat:jboss_data_grid:8 RHSA-2023:0713 2023-02-09T00:00:00Z
Red Hat Migration Toolkit for Containers 1.7
rhmtc/openshift-migration-ui-rhel8:v1.7.8-5 cpe:/a:redhat:rhmt:1.7::el8 RHSA-2023:1428 2023-03-23T00:00:00Z
Red Hat Single Sign-On 7
loader-utils cpe:/a:redhat:red_hat_single_sign_on:7.6 RHSA-2023:1049 2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 RHSA-2023:1043 2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 RHSA-2023:1044 2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 RHSA-2023:1045 2023-03-01T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-20 cpe:/a:redhat:rhosemc:1.0::el8 RHSA-2023:1047 2023-03-01T00:00:00Z
RHOL-5.5-RHEL-8
openshift-logging/logging-view-plugin-rhel8:v5.5.5-2 cpe:/a:redhat:logging:5.5::el8 RHSA-2022:8781 2022-12-08T00:00:00Z
References
Link Providers
https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107 cve-icon cve-icon
https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38 cve-icon cve-icon
https://github.com/webpack/loader-utils/issues/213 cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-37603 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-37603 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-14T00:00:00

Updated: 2024-08-03T10:29:21.025Z

Reserved: 2022-08-08T00:00:00

Link: CVE-2022-37603

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-10-14T16:15:12.647

Modified: 2023-11-07T03:49:52.060

Link: CVE-2022-37603

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-10-06T00:00:00Z

Links: CVE-2022-37603 - Bugzilla