steal is vulnerable to prototype pollution. A remote attacker is able to pollute objects by passing a maliciously crafted payload through optionName
variable in the getScriptOptions
function in main.js
.
github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/main.js#L2194
github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/main.js#L647
github.com/stealjs/steal/blob/v2.3.0/main.js#L2194
github.com/stealjs/steal/blob/v2.3.0/main.js#L647
github.com/stealjs/steal/issues/1533