CVE-2022-21824

HIGH Year: 2022
CVSS v3 Score
8.2
High
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-471
View all →

Vulnerability Description

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.

Related Vulnerabilities

CVE-2022-2390

HIGH
CVSS:8.4(High)

Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this...

CWE-4712022

CVE-2020-26237

HIGH
CVSS:8.7(High)

Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will r...

CWE-4712020

CVE-2018-3719

HIGH
CVSS:8.8(High)

mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing...

CWE-4712018

CVE-2018-3720

HIGH
CVSS:8.8(High)

assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causin...

CWE-4712018

CVE-2018-3722

HIGH
CVSS:8.8(High)

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing...

CWE-4712018

CVE-2018-3723

HIGH
CVSS:8.8(High)

defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, caus...

CWE-4712018