Skip to main content

Steal

8 CVEs product

Monthly

CVE-2022-37265 npm CRITICAL PATCH Act Now

Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Information Disclosure Prototype Pollution Steal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-37259 npm HIGH This Week

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Steal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-37258 npm CRITICAL POC Act Now

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Node.js Steal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-37260 npm HIGH This Week

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Steal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-37264 npm CRITICAL Act Now

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Steal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-37262 npm HIGH This Week

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Steal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-37266 npm CRITICAL Act Now

Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Steal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-37257 npm CRITICAL Act Now

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js Prototype Pollution Steal
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.1%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Information Disclosure Prototype Pollution Steal
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Steal
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Node.js +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Steal
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Steal
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Steal
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Steal
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js Prototype Pollution +1
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy