A remote attacker could leverage this vulnerability to cause a denial of service (DoS) condition on a targeted system by injecting malicious JavaScript code into a web page or another type of media that is loaded by webpack loader-utils. A successful exploit could cause a target system to stop responding until the malicious code was cleaned up. XSS flaws were also found in the following webpack loader-utils modules:
▼ VSCode Code Editor
▼ Source Code Formatter
▼ Webpack Dev Server
▼ Webpack Dev Middleware
▼ Webpack CLI (Command Line Interface)
A remote attacker could leverage these vulnerabilities to inject malicious code into a web page or other type of media that is loaded by the vulnerable software. Injecting malicious code into a web page or other type of media that is loaded by the vulnerable software could lead to phishing, information disclosure, or other attacks. XSS flaws were also found in the following webpack loader-utils modules:
▼ Babel
▼ CSS Preset
▼ CSS Loader
▼ Dev Server
▼ ES6/ES7/ES8/ES9/ES10/ES11/ES12/ES17/ES20/ES33/ES6/ES7/ES8/ES9/ES10/ES11/ES12/ES17/ES20/ES33/ES5/ES6
▼ CVE-2021-37597
A remote attacker could leverage this vulnerability to cause a denial of service (DoS) condition on a targeted system by injecting malicious JavaScript code into a web page or another type of media that is loaded by webpack loader-utils. A successful exploit could cause a target system to stop responding until the malicious code was cleaned up. XSS flaws were also found in the following webpack loader-utils modules:
▼ VSCode Code Editor
▼ Source Code Formatter
▼ Webpack Dev Server
▼ Webpack Dev Middleware
A remote attacker could leverage these vulnerabilities to inject malicious code into a web page or other type of media that is loaded by the vulnerable software. Injecting malicious code into a web page or other type of media that is loaded by the vulnerable software could lead to phishing, information disclosure, or other attacks. XSS flaws were also found in the following webpack loader-utils modules:
▼ Babel
▼ CSS Preset
▼ CSS Loader
▼ Dev Server
VSCode Code Editor
XSS flaws were found in the VSCode Code Editor module. A malicious user could leverage these flaws to inject malicious code into a web page or other type of media that is loaded by the vulnerable software. Injecting malicious code into a web page or other type of media that is loaded by the vulnerable software could lead to phishing, information disclosure, or other attacks.
Affected Software
▼ VSCode Code Editor
▼ Source Code Formatter
▼ Webpack Dev Server
▼ Webpack Dev Middleware
Timeline
Published on: 10/11/2022 19:15:00 UTC
Last modified on: 10/14/2022 01:07:00 UTC
References
- https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38
- https://github.com/webpack/loader-utils/issues/211
- https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37599