Steal
Monthly
Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.