CVE-2022-37266
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in npm/steal
Identifiers
CVE-2022-37266
Package Slug
npm/steal
Vulnerability
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Description
Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js.
Affected Versions
Version 2.2.4
Solution
Upgrade to version 2.3.0 or above.
Last Modified
2022-09-20
| source |