Fix vulnerability in v1 of loader-utils #218

Closed
daniluk4000 opened this issue Nov 7, 2022 · 2 comments

Comments

daniluk4000 commented Nov 7, 2022

We did discuss this in PMs but I'll also create a corresponding issue, @alexander-akait.

Motivation

  1. The v1 version of this library is still used in many libraries and by people who haven't yet migrated to Webpack 5
  2. v1 has almost 20 million weekly downloads
  3. The fix is single-line and easy to implement

Request

Please create a branch v1.0.0 with the latest commit (1.4.0) and add the changes from #217 here as version 1.4.1. This shouldn't add any breaking changes and will fix a critical vulnerability.

Thanks!

@alexander-akait
Member

Fixed and released https://github.com/webpack/loader-utils/releases/tag/v1.4.1

nukeop commented Nov 8, 2022

What's the attack vector here? How can this be exploited?
