85 matches found
CVE-2022-37258
CVE-2022-37258 affects stealjs 2.2.4, via the npm-convert.js file (function convertLater). The root cause is a lack of validation in convertLater that allows prototype pollution through the packageName variable, enabling an attacker to inject properties into existing object prototypes (e.g., prot...
GHSA-VWHQ-PM3R-FJM9 steal vulnerable to Prototype Pollution via key variable in babel.js
Prototype pollution vulnerability in function extend in babel.js in stealjs steal via the key variable in babel.js...
GHSA-93Q5-3XPC-8VG3 steal vulnerable to Prototype Pollution via requestedVersion variable
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal via the requestedVersion variable in the npm-convert.js file...
steal vulnerable to Prototype Pollution via requestedVersion variable
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal via the requestedVersion variable in the npm-convert.js file...
steal vulnerable to Prototype Pollution via key variable in babel.js
Prototype pollution vulnerability in function extend in babel.js in stealjs steal via the key variable in babel.js...
GHSA-28V4-JF82-JVJ8 steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal via the source and sourceWithComments variable in main.js...
steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal via the source and sourceWithComments variable in main.js...
steal vulnerable to Prototype Pollution via optionName variable
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...
GHSA-7F3X-2WCX-HWW8 steal vulnerable to Regular Expression Denial of Service via input variable
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal via the input variable in main.js...
steal vulnerable to Regular Expression Denial of Service via input variable
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal via the input variable in main.js...
steal 安全漏洞
steal is StealJS open source an extensible general-purpose module loader . It can load JavaScript modules defined in ES6, AMD and CommonJS formats. StealJS steal npm-convert.js version 2.2.4 security vulnerability , the vulnerability stems from the function convertLater through the packageName...
CVE-2022-37260
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...
CVE-2022-37260
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...
CVE-2022-37260
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...
Input validation
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...
CVE-2022-37260
CVE-2022-37260 describes a Regular Expression Denial of Service (ReDoS) in the StealJS module loader, specifically in steal 2.2.4 via the input variable in main.js. The CVSS 3.1 base score is 7.5 (HIGH), with attack vector NETWORK, attack complexity LOW, and no privileges or user interaction requ...
CVE-2022-37260
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...
CVE-2022-37262
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js...
CVE-2022-37262
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js...
CVE-2022-37264
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...