CVE-2022-37258

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in npm/steal

Identifiers

CVE-2022-37258

Package Slug

npm/steal

Vulnerability

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Description

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.

Affected Versions

Version 2.2.4

Solution

Upgrade to version 2.3.0 or above.

Last Modified

2022-09-22

source