4 matches found
CVE-2022-37258
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...
@basket/get (>=1.1.0 <=1.2.2), @bitovi/incremental (>=1.0.0 <=1.0.2) +50 more potentially affected by CVE-2022-37258 via steal (>=0.12.9 <=2.3.0)
steal NPM version =0.12.9, =1.1.0, =1.0.0, =1.0.0, =0.0.0, =0.1.0, =0.1.0, =0.0.1, =0.0.1-0, =0.3.0, =1.0.0, =0.4.0, =0.7.3 and more Source cves: CVE-2022-37258 Source advisory: OSV:GHSA-GVJW-8MMR-8F6G...
CVE-2022-37258
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...
CVE-2022-37258
CVE-2022-37258 affects stealjs 2.2.4, via the npm-convert.js file (function convertLater). The root cause is a lack of validation in convertLater that allows prototype pollution through the packageName variable, enabling an attacker to inject properties into existing object prototypes (e.g., prot...