Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix vulnerability in v1 of loader-utils #218

Closed
daniluk4000 opened this issue Nov 7, 2022 · 2 comments
Closed

Fix vulnerability in v1 of loader-utils #218

daniluk4000 opened this issue Nov 7, 2022 · 2 comments

Comments

@daniluk4000
Copy link

daniluk4000 commented Nov 7, 2022
edited

We did discuss this in PMs but I'll also create corresponding issue, @alexander-akait.

Motivation

  1. v1 version of this library is still used in many libraries and people who didn't yet migrate to Webpack 5
  2. v1 has almost 20 millions of weekly downloads
  3. The fix is single-line and easy to implement

Request

Please create branch v1.0.0 with latest commit (1.4.0) and add changes from #217 here as 1.4.1 version. This shouldn't add any breaking changes and will fix critical vulnerability.

Thanks!
@daniluk4000 daniluk4000 mentioned this issue Nov 7, 2022
Closed
@ryanmunger ryanmunger mentioned this issue Nov 7, 2022
Closed
@alexander-akait alexander-akait mentioned this issue Nov 7, 2022
Merged
@alexander-akait
Copy link
Member

Fixed and released https://github.com/webpack/loader-utils/releases/tag/v1.4.1

This was referenced Nov 8, 2022
Closed
Closed
@vishalkumar-barnwal vishalkumar-barnwal mentioned this issue Nov 8, 2022
Merged
@sam-glendenning sam-glendenning mentioned this issue Nov 8, 2022
Closed
3 tasks
@nukeop
Copy link

nukeop commented Nov 8, 2022

Whats the attack vector here? How can this be exploited?

@Felk Felk mentioned this issue Nov 10, 2022
Closed
@debricked debricked bot mentioned this issue Jan 31, 2024
Open
This was referenced Apr 20, 2024
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alexander-akait @daniluk4000 @nukeop