The loader-utils dependency has a critical vulnerability. #13027

ManuelSLemos · 2022-11-07T12:16:26Z

Hi, I have found a possible vulnerability with the loader-utils dependency.

Currently nx has as dependency loader-utils v1.2.3 and three days ago a vulnerability with these details has been reported:

loader-utils <2.0.3
Severity: critical
Prototype pollution in webpack loader-utils

More details

In my case, I found it using npm audit.

I hope it helps.

The text was updated successfully, but these errors were encountered:

PKief · 2022-11-07T13:00:28Z

@skrtheboss already created a PR for it: #13021

See GHSA-76p3-8jx3-jpfq Fixes nrwl#13027

github-actions · 2023-03-21T04:07:19Z

This issue has been closed for more than 30 days. If this issue is still occuring, please open a new issue with more recent context.

ManuelSLemos added the type: bug label Nov 7, 2022

skrtheboss mentioned this issue Nov 7, 2022

fix(react): upgrade loader-utils #13021

Merged

skrtheboss added a commit to skrtheboss/nx that referenced this issue Nov 7, 2022

fix(core): upgrade loader-utils

48fbd9a

See GHSA-76p3-8jx3-jpfq Fixes nrwl#13027

AgentEnder closed this as completed in #13021 Nov 7, 2022

github-actions bot added the outdated label Mar 21, 2023

github-actions bot locked as resolved and limited conversation to collaborators Mar 21, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

The loader-utils dependency has a critical vulnerability. #13027

The loader-utils dependency has a critical vulnerability. #13027

ManuelSLemos commented Nov 7, 2022

PKief commented Nov 7, 2022 •

edited

github-actions bot commented Mar 21, 2023

The loader-utils dependency has a critical vulnerability. #13027

The loader-utils dependency has a critical vulnerability. #13027

Comments

ManuelSLemos commented Nov 7, 2022

PKief commented Nov 7, 2022 • edited

github-actions bot commented Mar 21, 2023

PKief commented Nov 7, 2022 •

edited