Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-21824

Good to know:

icon

Date: February 24, 2022

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.

Language: JS

Severity Score

Related Resources (16)

https://hackerone.com/reports/1431042
https://nvd.nist.gov/vuln/detail/CVE-2022-21824
https://security-tracker.debian.org/tracker/CVE-2022-21824
https://github.com/nodejs/node/commit/be69403528
https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
https://security.netapp.com/advisory/ntap-20220325-0007/
https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2022-21824
https://security.netapp.com/advisory/ntap-20220729-0004/
https://security.alpinelinux.org/vuln/CVE-2022-21824
https://www.debian.org/security/2022/dsa-5170
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://access.redhat.com/security/cve/CVE-2022-21824
https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824
https://www.mend.io/vulnerability-database/CVE-2022-21824

Severity Score

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

icon

Upgrade Version

Upgrade to version v12.22.9, v14.18.3, v16.13.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us