steal vulnerable to Prototype Pollution via alias variable
Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js.
Advisories for Npm/Steal package
2022
steal Inefficient Regular Expression Complexity vulnerability via string variable
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js.
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.
Uncontrolled Resource Consumption
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js.
Incorrect Comparison
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js.
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js.
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js.
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js.