EPSS
Percentile
46.6%
steal is vulnerable to regular expression denial of service. A remote attacker is able to supply a malicious input through the string variables in babel.js causing a hang in the system.
babel.js
github.com/advisories/GHSA-rgqx-226f-2xp4
github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L54124
github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L54129
github.com/stealjs/steal/issues/1528