Prototype pollution in steal - CVE-2022-37264
Published: September 20, 2022
steal
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to prototype pollution flaw in the optionName variable in main.js. A remote attacker can add or modify properties of Object.prototype using a __proto__ or constructor payload and execute arbitrary code on the target system.