Lucene search
K

85 matches found

CVE
CVE
added 2022/09/16 8:57 p.m.82 views

CVE-2022-37258

CVE-2022-37258 affects stealjs 2.2.4, via the npm-convert.js file (function convertLater). The root cause is a lack of validation in convertLater that allows prototype pollution through the packageName variable, enabling an attacker to inject properties into existing object prototypes (e.g., prot...

9.8CVSS9.3AI score0.01214EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/09/16 12:0 a.m.20 views

GHSA-VWHQ-PM3R-FJM9 steal vulnerable to Prototype Pollution via key variable in babel.js

Prototype pollution vulnerability in function extend in babel.js in stealjs steal via the key variable in babel.js...

9.8CVSS7.2AI score0.01055EPSS
Exploits0References5
OSV
OSV
added 2022/09/16 12:0 a.m.21 views

GHSA-93Q5-3XPC-8VG3 steal vulnerable to Prototype Pollution via requestedVersion variable

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal via the requestedVersion variable in the npm-convert.js file...

9.8CVSS5.9AI score0.01109EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/09/16 12:0 a.m.24 views

steal vulnerable to Prototype Pollution via requestedVersion variable

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal via the requestedVersion variable in the npm-convert.js file...

9.8CVSS8.9AI score0.01109EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/16 12:0 a.m.22 views

steal vulnerable to Prototype Pollution via key variable in babel.js

Prototype pollution vulnerability in function extend in babel.js in stealjs steal via the key variable in babel.js...

9.8CVSS8.9AI score0.01055EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/09/16 12:0 a.m.2 views

GHSA-28V4-JF82-JVJ8 steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal via the source and sourceWithComments variable in main.js...

7.5CVSS5.8AI score0.01079EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/09/16 12:0 a.m.27 views

steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal via the source and sourceWithComments variable in main.js...

7.5CVSS7.2AI score0.01079EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/16 12:0 a.m.21 views

steal vulnerable to Prototype Pollution via optionName variable

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...

9.8CVSS8.9AI score0.01195EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/09/16 12:0 a.m.2 views

GHSA-7F3X-2WCX-HWW8 steal vulnerable to Regular Expression Denial of Service via input variable

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal via the input variable in main.js...

7.5CVSS7AI score0.01017EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/09/16 12:0 a.m.38 views

steal vulnerable to Regular Expression Denial of Service via input variable

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal via the input variable in main.js...

7.5CVSS7.2AI score0.01017EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.6 views

steal 安全漏洞

steal is StealJS open source an extensible general-purpose module loader . It can load JavaScript modules defined in ES6, AMD and CommonJS formats. StealJS steal npm-convert.js version 2.2.4 security vulnerability , the vulnerability stems from the function convertLater through the packageName...

9.8CVSS8.2AI score0.01214EPSS
Exploits1References4
NVD
NVD
added 2022/09/15 7:15 p.m.34 views

CVE-2022-37260

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...

7.5CVSS0.01017EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/09/15 7:15 p.m.5 views

CVE-2022-37260

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...

7.5CVSS7AI score0.01017EPSS
Exploits0References4
OSV
OSV
added 2022/09/15 7:15 p.m.15 views

CVE-2022-37260

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...

7.5CVSS7.5AI score
Exploits0References3
Prion
Prion
added 2022/09/15 7:15 p.m.15 views

Input validation

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...

5CVSS7.5AI score0.01017EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/09/15 6:18 p.m.48 views

CVE-2022-37260

CVE-2022-37260 describes a Regular Expression Denial of Service (ReDoS) in the StealJS module loader, specifically in steal 2.2.4 via the input variable in main.js. The CVSS 3.1 base score is 7.5 (HIGH), with attack vector NETWORK, attack complexity LOW, and no privileges or user interaction requ...

7.5CVSS7.4AI score0.01017EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/09/15 6:18 p.m.35 views

CVE-2022-37260

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...

7.7AI score0.01017EPSS
Exploits0References3
NVD
NVD
added 2022/09/15 4:15 p.m.21 views

CVE-2022-37262

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js...

7.5CVSS0.01079EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/09/15 4:15 p.m.4 views

CVE-2022-37262

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js...

7.5CVSS5.7AI score0.01079EPSS
Exploits0References4
NVD
NVD
added 2022/09/15 4:15 p.m.17 views

CVE-2022-37264

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...

9.8CVSS0.01195EPSS
Exploits0References3
Rows per page
Query Builder