Lucene search
GoogleOSV:CVE-2022-37258HistorySep 16, 2022 - 10:15 p.m.
CVE-2022-37258
2022-09-1622:15:12
Google
osv.dev
2
cve-2022-37258
npm-convert.js
stealjs steal 2.2.4
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.4%
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.
| CPE | Name | Operator | Version |
|---|---|---|---|
| steal | eq | 2.0.0 | |
| steal | eq | 0.12.0-pre.10 | |
| steal | eq | 2.0.0-pre.9 | |
| steal | eq | 1.5.0 | |
| steal | eq | 2.0.0-pre.8 | |
| steal | eq | 0.16.32 | |
| steal | eq | 2.1.2 | |
| steal | eq | 0.16.18 | |
| steal | eq | 0.16.28 | |
| steal | eq | 0.7.0-pre.4 |
Related
cve
cve
CVE-2022-37258
2022-09-16 22:15:12
osv
osv
steal vulnerable to Prototype Pollution
2022-09-17 00:00:30
github
github
steal vulnerable to Prototype Pollution
2022-09-17 00:00:30
cvelist
cvelist
CVE-2022-37258
2022-09-16 20:57:18
nvd
nvd
CVE-2022-37258
2022-09-16 22:15:12
veracode
veracode
Prototype Pollution
2022-09-19 08:50:37
Prototype Pollution
2022-09-19 08:27:28
prion
prion
Code injection
2022-09-16 22:15:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.4%
Related for OSV:CVE-2022-37258