steal vulnerable to Regular Expression Denial of Service via input variable
- Severity: High
Description
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal via the input variable in main.js.
Recommendation
No fix is available yet. The following versions are affected:
- <= 2.3.0
- Tags: npm, steal
Last updated on September 07, 2023