steal [CVE-2022-37261]/Prototype pollution found in npm-extension.js

[CVE-2022-37261]/Prototype pollution found in npm-extension.js

Open secdevlpr26 opened this issue 2 years ago • 0 comments

Prototype pollution vulnerability in function addNpmExtension in npm-extension.js in stealjs steal 2.3.0-pre.0 via the name variable in npm-extension.js.

The prototype pollution vulnerability can be mitigated with several best practices described here: https://learn.snyk.io/lessons/prototype-pollution/javascript/

Sep 14 '22 09:09 secdevlpr26

steal steal copied to clipboard

[CVE-2022-37261]/Prototype pollution found in npm-extension.js

steal
steal copied to clipboard