GHSA-wc4x-qmr2-rj8h
- Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-wc4x-qmr2-rj8h/GHSA-wc4x-qmr2-rj8h.json
- Aliases
-
- CVE-2022-37265
- Published
- 2022-09-21T00:00:38Z
- Modified
- 2022-09-23T17:08:11Z
- Details
-
Prototype pollution vulnerability in stealjs steal via the alias variable in babel.js.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-37265
- https://github.com/stealjs/steal/issues/1534
- https://github.com/stealjs/steal
- https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L4216
- https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L4569
Affected packages
npm / steal
Source Details
- Package Name
- steal