CVE-2022-37265

Name of the Vulnerable Software and Affected Versions stealjs steal version 2.2.4

Description The issue is related to a prototype pollution vulnerability in stealjs steal, specifically via the alias variable in babel.js. This vulnerability can be exploited, but details about the estimated number of potentially affected devices worldwide or real-world incidents are not provided.

Recommendations For stealjs steal version 2.2.4, consider disabling the alias variable in babel.js as a temporary workaround until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the alias variable in the affected configuration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.