7 matches found
EUVD-2022-6952
Malicious code in bioql PyPI...
CVE-2022-37265
Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js...
CVE-2022-37258
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...
steal vulnerable to Prototype Pollution via optionName variable
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js...
Denial of service
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js...
Code injection
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js...
CVE-2022-37257
CVE-2022-37257 affects stealjs Steal 2.2.4 (prototype pollution) in the convertLater function via the requestedVersion variable in npm-convert.js. Root cause: prototype contamination allowing injection into proto , constructor, and prototype chains. Impact per sources: high confidentiality, integ...