{"vulnerability": "CVE-2022-3726", "sightings": [{"uuid": "ac2fda2f-28cd-4fcd-9052-fcc35a773ba0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37265", "type": "seen", "source": "https://t.me/cibsecurity/50159", "content": "\u203c CVE-2022-37265 \u203c\n\nPrototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-20T22:39:40.000000Z"}, {"uuid": "f1f30455-df1f-4099-8c08-8dfdbe7c3bbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3726", "type": "seen", "source": "https://t.me/cibsecurity/52806", "content": "\u203c CVE-2022-3726 \u203c\n\nLack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-10T02:49:59.000000Z"}, {"uuid": "ea73d2e9-932c-40c6-9fb0-bcf34041a295", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37264", "type": "seen", "source": "https://t.me/cibsecurity/49841", "content": "\u203c CVE-2022-37264 \u203c\n\nPrototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-15T20:27:51.000000Z"}]}