Lucene search
K

85 matches found

Github Security Blog
Github Security Blog
added 2022/09/21 12:0 a.m.33 views

steal Inefficient Regular Expression Complexity vulnerability via string variable

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the string variable in babel.js...

7.5CVSS7.2AI score0.01032EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2022/09/20 6:15 p.m.31 views

CVE-2022-37259

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the string variable in babel.js...

7.5CVSS0.01032EPSS
Exploits0References3
NVD
NVD
added 2022/09/20 6:15 p.m.39 views

CVE-2022-37265

Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js...

9.8CVSS0.01143EPSS
Exploits0References3
Prion
Prion
added 2022/09/20 6:15 p.m.17 views

Code injection

Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js...

7.5CVSS9.4AI score0.01143EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/09/20 5:36 p.m.39 views

CVE-2022-37265

Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js...

9.7AI score0.01143EPSS
Exploits0References3
OSV
OSV
added 2022/09/20 5:36 p.m.15 views

CVE-2022-37265

Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js...

9.8CVSS9.4AI score0.01143EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/09/20 5:36 p.m.9 views

CVE-2022-37265

Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js...

9.5AI score0.01143EPSS
Exploits0References3
CVE
CVE
added 2022/09/20 5:36 p.m.56 views

CVE-2022-37265

CVE-2022-37265 : A prototype pollution vulnerability affects stealjs steal version 2.2.4 via the alias variable in babel.js. Multiple connected sources (GHSA, Veracode, NVD, Red Hat) describe that an attacker can inject properties into existing object prototypes (e.g., proto , constructor, protot...

9.8CVSS9.4AI score0.01143EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/09/20 5:31 p.m.71 views

CVE-2022-37259

CVE-2022-37259 affects stealjs/steal version 2.2.4. The root cause is a Regular Expression Denial of Service (ReDoS) flaw exposed via a string variable in babel.js. The CVSS metrics indicate Network attack vector, low attack complexity, no privileges or user interaction, with availability impact ...

7.5CVSS7.4AI score0.01032EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/20 5:31 p.m.11 views

CVE-2022-37259

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the string variable in babel.js...

7.5AI score0.01032EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/09/20 5:31 p.m.31 views

CVE-2022-37259

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the string variable in babel.js...

7.7AI score0.01032EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/20 12:0 a.m.3 views

steal 资源管理错误漏洞

steal is StealJS open source an extensible general-purpose module loader . It can load JavaScript modules defined in ES6, AMD and CommonJS formats. A security vulnerability exists in steal version 2.2.4, which stems from a regular expression denial of service ReDoS vulnerability triggered onealjs...

7.5CVSS7.2AI score0.01032EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/20 12:0 a.m.4 views

steal 安全漏洞

steal is StealJS open source an extensible general-purpose module loader . It can load JavaScript modules defined in ES6, AMD and CommonJS formats. A security vulnerability exists in steal version 2.2.4, which stems from prototype contamination via alias variables in babel.js...

9.8CVSS8.2AI score0.01143EPSS
Exploits0References4
OSV
OSV
added 2022/09/17 12:0 a.m.2 views

GHSA-GVJW-8MMR-8F6G steal vulnerable to Prototype Pollution

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...

9.8CVSS5.9AI score0.01214EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/09/17 12:0 a.m.33 views

steal vulnerable to Prototype Pollution

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...

9.8CVSS8.9AI score0.01214EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2022/09/16 10:15 p.m.29 views

CVE-2022-37258

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...

9.8CVSS0.01214EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/09/16 10:15 p.m.3 views

CVE-2022-37258

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...

9.8CVSS7.3AI score0.01214EPSS
Exploits1References4
Prion
Prion
added 2022/09/16 10:15 p.m.19 views

Code injection

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...

7.5CVSS9.4AI score0.01214EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/09/16 8:57 p.m.26 views

CVE-2022-37258

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...

9.7AI score0.01214EPSS
Exploits1References3
OSV
OSV
added 2022/09/16 8:57 p.m.16 views

CVE-2022-37258

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...

9.8CVSS6.8AI score0.01214EPSS
Exploits1References5
Rows per page
Query Builder