Lucene search
Veracode Vulnerability DatabaseVERACODE:37047HistorySep 16, 2022 - 4:45 a.m.
Regular Expression Denial Of Service (ReDoS)
2022-09-1604:45:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
steal
redos
main.js
software
dos.attack
0.001 Low
EPSS
Percentile
46.8%
steal is vulnerable to regular expression denial of service (ReDoS) attacks. A remote attacker is able to cause a system hang via supplying a maliciously crafted input through source or sourceWithComments variables in main.js.
References
github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/main.js#L3497
github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/main.js#L3507
github.com/stealjs/steal/blob/v2.3.0/main.js#L3497
github.com/stealjs/steal/blob/v2.3.0/main.js#L3507
github.com/stealjs/steal/issues/1531
Related
github
github
cve
cve
CVE-2022-37262
2022-09-15 16:15:10
osv
osv
steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments
2022-09-16 00:00:36
CVE-2022-37262
2022-09-15 16:15:10
nvd
nvd
CVE-2022-37262
2022-09-15 16:15:10
prion
prion
Denial of service
2022-09-15 16:15:00
cvelist
cvelist
CVE-2022-37262
2022-09-15 15:37:47