Lucene search
Veracode Vulnerability DatabaseVERACODE:37051HistorySep 16, 2022 - 6:24 a.m.
Prototype Pollution
2022-09-1606:24:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
vulnerability
prototype pollution
steal software
remote attacker
malicious payload
getscriptoptions function
main.js
0.002 Low
EPSS
Percentile
59.4%
steal is vulnerable to prototype pollution. A remote attacker is able to pollute objects by passing a maliciously crafted payload through optionName variable in the getScriptOptions function in main.js.
References
github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/main.js#L2194
github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/main.js#L647
github.com/stealjs/steal/blob/v2.3.0/main.js#L2194
github.com/stealjs/steal/blob/v2.3.0/main.js#L647
github.com/stealjs/steal/issues/1533
Related
nvd
nvd
CVE-2022-37264
2022-09-15 16:15:10
cve
cve
CVE-2022-37264
2022-09-15 16:15:10
cvelist
cvelist
CVE-2022-37264
2022-09-15 15:44:40
osv
osv
CVE-2022-37264
2022-09-15 16:15:10
steal vulnerable to Prototype Pollution via optionName variable
2022-09-16 00:00:36
veracode
veracode
Prototype Pollution
2022-09-16 08:32:05
github
github
steal vulnerable to Prototype Pollution via optionName variable
2022-09-16 00:00:36
prion
prion
Code injection
2022-09-15 16:15:00