VulnerableCode Package Details - pkg:npm/loader-utils@3.2.1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-fn7h-3n1n-9bhr	loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) A regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils via the resourcePath variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.	CVE-2022-37599 GHSA-hhq3-ff78-jv3g
VCID-y1np-kma2-ayfn	loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.	CVE-2022-37603 GHSA-3rfm-jhwj-7488

Vulnerability

Summary

Aliases

VCID-fn7h-3n1n-9bhr

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) A regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils via the resourcePath variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.

CVE-2022-37599
GHSA-hhq3-ff78-jv3g

VCID-y1np-kma2-ayfn

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.

CVE-2022-37603
GHSA-3rfm-jhwj-7488

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T21:28:00.728793+00:00	GitLab Importer	Fixing	VCID-y1np-kma2-ayfn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37603.yml	38.1.0
2026-04-03T21:28:00.018226+00:00	GitLab Importer	Fixing	VCID-fn7h-3n1n-9bhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37599.yml	38.1.0
2026-04-01T16:03:39.650268+00:00	GHSA Importer	Fixing	VCID-y1np-kma2-ayfn	https://github.com/advisories/GHSA-3rfm-jhwj-7488	38.0.0
2026-04-01T16:03:38.863158+00:00	GHSA Importer	Fixing	VCID-fn7h-3n1n-9bhr	https://github.com/advisories/GHSA-hhq3-ff78-jv3g	38.0.0
2026-04-01T13:05:01.749408+00:00	GithubOSV Importer	Fixing	VCID-y1np-kma2-ayfn	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-3rfm-jhwj-7488/GHSA-3rfm-jhwj-7488.json	38.0.0
2026-04-01T13:04:47.168953+00:00	GithubOSV Importer	Fixing	VCID-fn7h-3n1n-9bhr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-hhq3-ff78-jv3g/GHSA-hhq3-ff78-jv3g.json	38.0.0