steal@2.3.0-pre.0 vulnerabilities

Gets JavaScript.

Direct Vulnerabilities

Known vulnerabilities in the steal package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Prototype Pollution

steal is a Gets JavaScript.

Affected versions of this package are vulnerable to Prototype Pollution via the alias variable in babel.js.

How to fix Prototype Pollution?

There is no fixed version for steal.

*
  • M
Regular Expression Denial of Service (ReDoS)

steal is a Gets JavaScript.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regex in the string variable of babel.js.

How to fix Regular Expression Denial of Service (ReDoS)?

There is no fixed version for steal.

*
  • M
Prototype Pollution

steal is a Gets JavaScript.

Affected versions of this package are vulnerable to Prototype Pollution via the packageName variable in npm-convert.js.

How to fix Prototype Pollution?

There is no fixed version for steal.

*
  • M
Regular Expression Denial of Service (ReDoS)

steal is a Gets JavaScript.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the input variable.

How to fix Regular Expression Denial of Service (ReDoS)?

There is no fixed version for steal.

*
  • M
Regular Expression Denial of Service (ReDoS)

steal is a Gets JavaScript.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the source and sourceWithComments variables.

How to fix Regular Expression Denial of Service (ReDoS)?

There is no fixed version for steal.

*
  • H
Prototype Pollution

steal is a Gets JavaScript.

Affected versions of this package are vulnerable to Prototype Pollution via the optionName variable.

How to fix Prototype Pollution?

There is no fixed version for steal.

*
  • M
Prototype Pollution

steal is a Gets JavaScript.

Affected versions of this package are vulnerable to Prototype Pollution in the function convertLater, via the requestedVersion variable.

How to fix Prototype Pollution?

There is no fixed version for steal.

*
  • M
Prototype Pollution

steal is a Gets JavaScript.

Affected versions of this package are vulnerable to Prototype Pollution in the extend() function, via the key variable.

How to fix Prototype Pollution?

There is no fixed version for steal.

*