GHSA-rgqx-226f-2xp4

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-rgqx-226f-2xp4/GHSA-rgqx-226f-2xp4.json

Aliases

• CVE-2022-37259

Published

2022-09-21T00:00:38Z

Modified

2022-09-23T17:08:13Z

Details

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-37259
• https://github.com/stealjs/steal/issues/1528
• https://github.com/stealjs/steal
• https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L54124
• https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L54129