CVE-2022-37265
steal vulnerable to Prototype Pollution via alias variable in npm/steal
Identifiers
CVE-2022-37265, GHSA-wc4x-qmr2-rj8h
Package Slug
npm/steal
Vulnerability
steal vulnerable to Prototype Pollution via alias variable
Description
Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js.
Affected Versions
Version 2.2.4
Solution
Upgrade to version 2.3.0 or above.
Last Modified
2022-09-22
| source |