Vulnerability Database
Blog
FAQ
GHSA-wc4x-qmr2-rj8h
Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-wc4x-qmr2-rj8h/GHSA-wc4x-qmr2-rj8h.json
Aliases
CVE-2022-37265
Published
2022-09-21T00:00:38Z
Modified
2022-09-23T17:08:11Z
Details
Prototype pollution vulnerability in stealjs steal via the alias variable in babel.js.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-37265
https://github.com/stealjs/steal/issues/1534
https://github.com/stealjs/steal
https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L4216
https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L4569
Affected packages
npm
/
steal
Source Details
Package Name
steal
Affected ranges
Type
SEMVER
Events
Introduced
0
The exact introduced commit is unknown
Last affected
2.3.0
GHSA-wc4x-qmr2-rj8h - OSV