CVE-2022-37257

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js.
Configurations

Configuration 1 (hide)

cpe:2.3:a:stealjs:steal:2.2.4:*:*:*:*:node.js:*:*

History

19 Sep 2022, 16:15

Type Values Removed Values Added
CPE cpe:2.3:a:stealjs:steal:2.2.4:*:*:*:*:node.js:*:*
First Time Stealjs
Stealjs steal
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-1321
References (MISC) http://steal.com - (MISC) http://steal.com - Product
References (MISC) https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/npm-convert.js#L362 - (MISC) https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/npm-convert.js#L362 - Third Party Advisory
References (MISC) https://github.com/stealjs/steal/issues/1526 - (MISC) https://github.com/stealjs/steal/issues/1526 - Issue Tracking, Third Party Advisory
References (MISC) http://stealjs.com - (MISC) http://stealjs.com - Product
References (MISC) https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/npm-convert.js#L371 - (MISC) https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/npm-convert.js#L371 - Third Party Advisory

15 Sep 2022, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-15 13:15

Updated : 2023-12-10 14:35


NVD link : CVE-2022-37257

Mitre link : CVE-2022-37257

CVE.ORG link : CVE-2022-37257


JSON object : View

Products Affected

stealjs

  • steal
CWE
CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')