Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regular Expression Denial of Service (ReDoS) #1850

Closed
sydseter opened this issue Nov 8, 2022 · 3 comments
Closed

Regular Expression Denial of Service (ReDoS) #1850

sydseter opened this issue Nov 8, 2022 · 3 comments
Assignees
@theKashey

Comments

@sydseter
Copy link

sydseter commented Nov 8, 2022
edited
Loading

Description

Regular Expression Denial of Service (ReDoS)
Affecting loader-utils package, versions *

see: https://security.snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943

Expected behavior

This is an issue in loader-utils which require patching.
Currently no fix version exist: https://security.snyk.io/package/npm/loader-utils

Actual behavior

Currently loader-utils has a security vulnerability that requires patching.

Environment

React Hot Loader version:

All
@theKashey
Copy link
Collaborator

Has been fixed by #1849
pending version release....

@theKashey theKashey self-assigned this Nov 10, 2022
@lucasraziel
Copy link

It seems that there is a new vulnerability that affects loader-utils 2.0.3 (CVE-2022-37603), it is fixed on loader-utils 2.0.4

@sydseter
Copy link
Author

sydseter commented Jan 4, 2023

Should be fixed for 4.13.1

@sydseter sydseter closed this as completed Jan 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@theKashey theKashey

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@theKashey @sydseter @lucasraziel