steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments
- Severity: High
Description
A Regular Expression Denial of Service (ReDoS) flaw was found in the stealjs steal package, via the `source` and `sourceWithComments` variables in main.js.
Recommendation
No fix is available yet. The following versions are affected:
- <= 2.3.0
- Tags: npm, steal
Last updated on August 17, 2023