steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments
- Severity:
- High
Description
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal via the source and sourceWithComments variable in main.js.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 2.3.0
References
Related Issues
- steal vulnerable to Regular Expression Denial of Service via input variable - CVE-2022-37260
- angular vulnerable to regular expression denial of service via the <input type="url"> element - CVE-2023-26118
- angular vulnerable to regular expression denial of service via the angular.copy() utility - CVE-2023-26116
- angular vulnerable to regular expression denial of service via the $resource service - CVE-2023-26117
- Tags:
- npm
- steal
Anything's wrong? Let us know Last updated on August 17, 2023