45 matches found
GHSA-8F8G-9J73-7P82 steal vulnerable to Prototype Pollution via optionName variable
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...
steal vulnerable to Prototype Pollution via optionName variable
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...
steal vulnerable to Regular Expression Denial of Service via input variable
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal via the input variable in main.js...
CVE-2022-37260
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...
CVE-2022-37260
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...
Input validation
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...
CVE-2022-37260
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...
CVE-2022-37260
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the input variable in main.js...
CVE-2022-37260
CVE-2022-37260 describes a Regular Expression Denial of Service (ReDoS) in the StealJS module loader, specifically in steal 2.2.4 via the input variable in main.js. The CVSS 3.1 base score is 7.5 (HIGH), with attack vector NETWORK, attack complexity LOW, and no privileges or user interaction requ...
CVE-2022-37264
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...
CVE-2022-37262
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js...
Denial of service
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js...
Code injection
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...
CVE-2022-37264
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...
CVE-2022-37264
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...
CVE-2022-37262
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js...
CVE-2022-37262
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js...
steal 安全漏洞
steal is StealJS open source an extensible general-purpose module loader . It can load JavaScript modules defined in ES6, AMD and CommonJS formats. A security vulnerability exists in steal 2.2.4, which originates from a StealJS Regular Expression Denial of Service ReDoS via the optionName variabl...
PT-2022-23904 · Stealjs · Stealjs
Name of the Vulnerable Software and Affected Versions: stealjs steal version 2.2.4 Description: The issue is related to a prototype pollution vulnerability. It affects stealjs steal via the optionName variable in main.js. Recommendations: For stealjs steal version 2.2.4, consider restricting acce...
PT-2022-23902 · Stealjs · Stealjs
Name of the Vulnerable Software and Affected Versions: stealjs steal version 2.2.4 Description: A Regular Expression Denial of Service ReDoS flaw was found in the input variable in main.js. This issue can cause a denial of service. Recommendations: For version 2.2.4, consider restricting the inpu...