EUVD-2022-6742

Malicious code in bioql PyPI...

Prototype Pollution

steal is vulnerable to prototype pollution. The optionName variable in main.js is not validated, allowing an attacker to modify object by accessing it through the ‘proto’ property of object...

GHSA-8F8G-9J73-7P82 steal vulnerable to Prototype Pollution via optionName variable

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...

steal vulnerable to Prototype Pollution via optionName variable

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...

CVE-2022-37264

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...

CVE-2022-37264

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...

Code injection

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...

CVE-2022-37264

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...

PT-2022-23904 · Stealjs · Stealjs

Name of the Vulnerable Software and Affected Versions: stealjs steal version 2.2.4 Description: The issue is related to a prototype pollution vulnerability. It affects stealjs steal via the optionName variable in main.js. Recommendations: For stealjs steal version 2.2.4, consider restricting acce...

steal 安全漏洞

steal is StealJS open source an extensible general-purpose module loader . It can load JavaScript modules defined in ES6, AMD and CommonJS formats. A security vulnerability exists in steal 2.2.4, which originates from a StealJS Regular Expression Denial of Service ReDoS via the optionName variabl...