CVE-2022-37258
npm/steal
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.
Version 2.2.4
Upgrade to version 2.3.0 or above.
2022-09-22
source |