VulnerableCode Package Details - pkg:npm/loader-utils@3.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-fn7h-3n1n-9bhr Aliases: CVE-2022-37599 GHSA-hhq3-ff78-jv3g	loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) A regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils via the resourcePath variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.	3.2.1 Affected by 0 other vulnerabilities.
VCID-y1np-kma2-ayfn Aliases: CVE-2022-37603 GHSA-3rfm-jhwj-7488	loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.	3.2.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-fn7h-3n1n-9bhr
Aliases:
CVE-2022-37599
GHSA-hhq3-ff78-jv3g

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) A regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils via the resourcePath variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.

3.2.1
Affected by 0 other vulnerabilities.

VCID-y1np-kma2-ayfn
Aliases:
CVE-2022-37603
GHSA-3rfm-jhwj-7488

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.

3.2.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-fnnx-s2c7-xyfh	Prototype pollution in webpack loader-utils Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.	CVE-2022-37601 GHSA-76p3-8jx3-jpfq

Vulnerability

Summary

Aliases

VCID-fnnx-s2c7-xyfh

Prototype pollution in webpack loader-utils Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.

CVE-2022-37601
GHSA-76p3-8jx3-jpfq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:12:30.573011+00:00	GitLab Importer	Affected by	VCID-y1np-kma2-ayfn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37603.yml	38.4.0
2026-04-16T22:12:22.713652+00:00	GitLab Importer	Fixing	VCID-fnnx-s2c7-xyfh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37601.yml	38.4.0
2026-04-16T22:12:22.094787+00:00	GitLab Importer	Affected by	VCID-fn7h-3n1n-9bhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37599.yml	38.4.0
2026-04-11T23:29:23.735242+00:00	GitLab Importer	Affected by	VCID-y1np-kma2-ayfn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37603.yml	38.3.0
2026-04-11T23:29:15.351106+00:00	GitLab Importer	Fixing	VCID-fnnx-s2c7-xyfh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37601.yml	38.3.0
2026-04-11T23:29:14.225501+00:00	GitLab Importer	Affected by	VCID-fn7h-3n1n-9bhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37599.yml	38.3.0
2026-04-02T23:34:59.340484+00:00	GitLab Importer	Affected by	VCID-y1np-kma2-ayfn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37603.yml	38.1.0
2026-04-02T23:34:51.024018+00:00	GitLab Importer	Fixing	VCID-fnnx-s2c7-xyfh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37601.yml	38.1.0
2026-04-02T23:34:50.424702+00:00	GitLab Importer	Affected by	VCID-fn7h-3n1n-9bhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37599.yml	38.1.0
2026-04-01T17:57:05.654577+00:00	GitLab Importer	Affected by	VCID-y1np-kma2-ayfn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37603.yml	38.0.0
2026-04-01T17:56:57.187794+00:00	GitLab Importer	Fixing	VCID-fnnx-s2c7-xyfh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37601.yml	38.0.0
2026-04-01T17:56:56.061228+00:00	GitLab Importer	Affected by	VCID-fn7h-3n1n-9bhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37599.yml	38.0.0
2026-04-01T16:03:39.646714+00:00	GHSA Importer	Affected by	VCID-y1np-kma2-ayfn	https://github.com/advisories/GHSA-3rfm-jhwj-7488	38.0.0
2026-04-01T16:03:38.859847+00:00	GHSA Importer	Affected by	VCID-fn7h-3n1n-9bhr	https://github.com/advisories/GHSA-hhq3-ff78-jv3g	38.0.0