CVE-2022-37265

Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js.
Configurations

Configuration 1 (hide)

cpe:2.3:a:stealjs:steal:2.2.4:*:*:*:*:node.js:*:*

History

22 Sep 2022, 14:43

Type Values Removed Values Added
CPE cpe:2.3:a:stealjs:steal:2.2.4:*:*:*:*:node.js:*:*
First Time Stealjs
Stealjs steal
CWE CWE-1321
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L4569 - (MISC) https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L4569 - Patch, Third Party Advisory
References (MISC) https://github.com/stealjs/steal/issues/1534 - (MISC) https://github.com/stealjs/steal/issues/1534 - Issue Tracking, Third Party Advisory
References (MISC) https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L4216 - (MISC) https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L4216 - Patch, Third Party Advisory

20 Sep 2022, 18:16

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-20 18:15

Updated : 2022-09-22 14:43


NVD link : CVE-2022-37265

Mitre link : CVE-2022-37265


JSON object : View

Products Affected

stealjs

  • steal
CWE
CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')