Every CVE whose affected-product data names Stealjs Steal, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2022-37257 — CVSS 9.8 (critical): Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in…
CVE-2022-37258 — CVSS 9.8 (critical): Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in…
CVE-2022-37266 — CVSS 9.8 (critical): Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js.
CVE-2022-37259 — CVSS 7.5 (high): A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js.
CVE-2022-37260 — CVSS 7.5 (high): A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js.
CVE-2022-37262 — CVSS 7.5 (high): A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in…