18 matches found
EUVD-2022-6831
Malicious code in bioql PyPI...
EUVD-2022-6751
Malicious code in bioql PyPI...
CVE-2022-37258
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...
Prototype Pollution
steal is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the convertLater function of npm-convert.js and modify attributes such as __proto__, constructor, and prototype...
Prototype Pollution
steal is vulnerable to prototype pollution. The vulnerability exists because of a lack of validation in the convertLater function in npm-convert.js, which allows an attacker to inject malicious characteristics to add new values to a JavaScript application object prototype, overwriting or contaminating th...
GHSA-GVJW-8MMR-8F6G steal vulnerable to Prototype Pollution
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...
steal vulnerable to Prototype Pollution
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...
CVE-2022-37258
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...
CVE-2022-37258
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...
CVE-2022-37258
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...
Code injection
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...
CVE-2022-37258
CVE-2022-37258 affects stealjs 2.2.4, via the npm-convert.js file (function convertLater). The root cause is a lack of validation in convertLater that allows prototype pollution through the packageName variable, enabling an attacker to inject properties into existing object prototypes (e.g., prot...
Prototype Pollution
steal is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the convertLater function of npm-convert.js and modify attributes such as __proto__, constructor, and prototype...
steal security vulnerability
steal is an extensible, general-purpose open-source module loader from StealJS. It can load JavaScript modules defined in ES6, AMD and CommonJS formats. StealJS steal version 2.2.4 has a security vulnerability in npm-convert.js; the vulnerability stems from the function convertLater through the packageName...
Code injection
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js...
CVE-2022-37257
CVE-2022-37257 affects stealjs Steal 2.2.4 (prototype pollution) in the convertLater function via the requestedVersion variable in npm-convert.js. Root cause: prototype contamination allowing injection into __proto__, constructor, and prototype chains. Impact per sources: high confidentiality, integ...
CVE-2022-37257
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js...
PT-2022-23898 · Stealjs · Stealjs
Name of the Vulnerable Software and Affected Versions: stealjs steal version 2.2.4
Description: The issue is related to a prototype pollution vulnerability in the convertLater function in npm-convert.js. This vulnerability is exploited via the requestedVersion variable in npm-convert.js...