GHSA-gvjw-8mmr-8f6g

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-gvjw-8mmr-8f6g/GHSA-gvjw-8mmr-8f6g.json

Aliases

• CVE-2022-37258

Published

2022-09-17T00:00:30Z

Modified

2022-09-23T13:44:49Z

Details

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-37258
• https://github.com/stealjs/steal/issues/1527
• https://github.com/stealjs/steal
• https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/npm-convert.js#L362
• https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/npm-convert.js#L369