From 0007600c6ba1220e165282fd816d8f099c70546c Mon Sep 17 00:00:00 2001
From: Jeran Urban
Date: Mon, 14 Nov 2022 22:56:37 -0600
Subject: [PATCH] Improve GHSA-hhq3-ff78-jv3g
---
 .../GHSA-hhq3-ff78-jv3g.json | 71 ++++++++++++++++++-
 1 file changed, 68 insertions(+), 3 deletions(-)
diff --git a/advisories/unreviewed/2022/10/GHSA-hhq3-ff78-jv3g/GHSA-hhq3-ff78-jv3g.json b/advisories/unreviewed/2022/10/GHSA-hhq3-ff78-jv3g/GHSA-hhq3-ff78-jv3g.json
index 6c6f7cb8480ce..679c1112f6bcd 100644
--- a/advisories/unreviewed/2022/10/GHSA-hhq3-ff78-jv3g/GHSA-hhq3-ff78-jv3g.json
+++ b/advisories/unreviewed/2022/10/GHSA-hhq3-ff78-jv3g/GHSA-hhq3-ff78-jv3g.json
@@ -1,12 +1,13 @@
 {
 "schema_version": "1.3.0",
 "id": "GHSA-hhq3-ff78-jv3g",
- "modified": "2022-10-14T12:00:22Z",
+ "modified": "2022-11-15T04:56:37Z",
 "published": "2022-10-12T12:00:27Z",
 "aliases": [
 "CVE-2022-37599"
 ],
- "details": "A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.",
+ "summary": "A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.",
+ "details": "CVE Description\nA Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.\n\nImpact\nA badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process\n\nPatches\nImproved regex against CVE-2022-37603 used to no longer have the same vulnerabilities, addressing this issue as well.\n\nWorkarounds\nNone.",
 "severity": [
 {
 "type": "CVSS_V3",
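Review bot: The new `summary` in the `@@ -1,12 +1,13 @@` hunk is a verbatim copy of the CVE description, far longer than the short one-line summary the OSV schema recommends, and the same sentence is repeated again inside `details`. A short form such as `"summary": "loader-utils is vulnerable to ReDoS via the resourcePath variable in interpolateName"` would read better as an alert title. The new `details` text still names only "loader-utils 2.0.0" although the `affected` hunk declares the 1.x and 3.x lines vulnerable too, and its Patches paragraph does not name the fixed releases; listing `1.4.2`, `2.0.4` and `3.2.1` there would keep the prose consistent with the ranges. The advisory object continues past the end of this hunk.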
@@ -14,7 +15,63 @@
 }
 ],
 "affected": [
-
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "loader-utils"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.4.2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "loader-utils"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2.0.0"
+ },
+ {
+ "fixed": "2.0.4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "loader-utils"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "3.0.0"
+ },
+ {
+ "fixed": "3.2.1"
+ }
+ ]
+ }
+ ]
+ }
 ],
 "references": [
 {
@@ -25,6 +82,14 @@
 "type": "WEB",
 "url": "https://github.com/webpack/loader-utils/issues/211"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/webpack/loader-utils/issues/216"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/webpack/loader-utils"
+ },
 {
 "type": "WEB",
 "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38"
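Review bot: The first range in the `@@ -14,7 +15,63 @@` hunk uses `"introduced": "0"`, so every loader-utils release below 1.4.2 is flagged, yet nothing visible in the advisory text or its references establishes when the vulnerable expression in interpolateName entered the code, or that the 1.x and 3.x lines carry it (the description names only 2.0.0). Dependency scanners alert directly from these ranges, so an over-broad lower bound produces false positives and an unverified `fixed` value can hide a still-vulnerable release. Each of `1.4.2`, `2.0.4` and `3.2.1` should be traceable to a linked fix, and the lower bound should be narrowed if the expression was introduced after the first release.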
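Review bot: No `FIX`-type reference accompanies the two links added in the `@@ -25,6 +82,14 @@` hunk, so the three `fixed` versions declared in the `affected` hunk cannot be checked from the advisory itself. I would add one entry per patched release line in the form `{ "type": "FIX", "url": "<URL of the fixing commit or release>" }`, with the real URLs taken from the upstream repository. The `references` array starts before and continues after this hunk.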