PT-2021-6095 · Node.js +8
Published: 2021-08-20 · Updated: 2024-12-16
CVE-2022-21824
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions
Node.js versions prior to 12.22.9
Node.js versions prior to 14.18.3
Node.js versions prior to 16.13.2
Node.js versions prior to 17.3.1
Description
The issue lies in the formatting logic of the console.table() function, which allows user-controlled input to be passed to the properties parameter. This can lead to prototype pollution, enabling an attacker to assign an empty string to numerical keys of the object prototype. The attacker's control over the pollution is limited.
Recommendations
For Node.js versions prior to 12.22.9, update to version 12.22.9 or later.
For Node.js versions prior to 14.18.3, update to version 14.18.3 or later.
For Node.js versions prior to 16.13.2, update to version 16.13.2 or later.
For Node.js versions prior to 17.3.1, update to version 17.3.1 or later.
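The following check is an added example, not code from the advisory or from the Node.js project. It classifies a Node.js version string against the fixed releases listed above and looks for the symptom the description names (numerical keys set on the object prototype); the function names are hypothetical, and it assumes each threshold applies only to its own release line.

```javascript
// Added example (not from the advisory's authors). Fixed releases per release
// line, copied from the Recommendations above. A Map is used so lookups never
// consult Object.prototype.
const FIXED = new Map([
  [12, [12, 22, 9]],
  [14, [14, 18, 3]],
  [16, [16, 13, 2]],
  [17, [17, 3, 1]],
]);

// Parse "v16.13.1" or "16.13.1" into [major, minor, patch]; null if malformed.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// Assumption: each threshold applies only to its own release line. Malformed
// input and lines the advisory does not list are reported as "unknown".
function assessVersion(v) {
  const ver = parseVersion(v);
  const fixed = ver && FIXED.get(ver[0]);
  if (!fixed) return 'unknown';
  for (let i = 1; i < 3; i++) {
    if (ver[i] !== fixed[i]) return ver[i] > fixed[i] ? 'patched' : 'vulnerable';
  }
  return 'patched';
}

// Symptom check: numeric keys do not normally exist as own properties
// of Object.prototype, so any hit deserves investigation.
function pollutedNumericKeys(proto = Object.prototype) {
  return Object.getOwnPropertyNames(proto).filter((k) => /^\d+$/.test(k));
}

console.log(process.version, assessVersion(process.version), pollutedNumericKeys());
```

A "patched" result only reflects the version string; the symptom check reports the state of the running process at the moment it is called.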
Fix
Prototype Pollution
Code Injection
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Node.js
Red Hat
RED OS
Rocky Linux
SUSE