BIT-node-2022-21824

Import Source
https://github.com/bitnami/vulndb/tree/main/data/node/BIT-node-2022-21824.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-node-2022-21824
Aliases
Published
2024-03-06T11:04:27.691Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype. Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null prototype for the object these properties are being assigned to.

References

Affected packages

Bitnami / node

Package

Name
node
Purl
pkg:bitnami/node

Severity

  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected ranges

Type
SEMVER
Events
Introduced
12.0.0
Fixed
12.22.9
Introduced
14.0.0
Fixed
14.18.3
Introduced
16.0.0
Fixed
16.13.2
Introduced
17.0.0
Fixed
17.3.1
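
The following is an added example, not part of the advisory or of Node.js: it checks a Node.js version string against the affected ranges listed in this record and allow-lists column names before they reach the "properties" parameter of console.table(). The names RANGES, isAffected, filterProperties and safeTable are hypothetical, and the version check reflects only the ranges in this record.

```javascript
// Added example; helper names are hypothetical, not a Node.js API.
// Affected ranges copied from this record: introduced (inclusive) to fixed (exclusive).
const RANGES = [
  ['12.0.0', '12.22.9'],
  ['14.0.0', '14.18.3'],
  ['16.0.0', '16.13.2'],
  ['17.0.0', '17.3.1'],
];

// Parse "v16.13.1" or "16.13.1" into [major, minor, patch]; reject anything else.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  if (!m) throw new TypeError(`unrecognised version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison of two parsed versions: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version falls inside one of the record's affected ranges.
function isAffected(version) {
  const v = parseVersion(version);
  return RANGES.some(([intro, fixed]) =>
    compare(v, parseVersion(intro)) >= 0 && compare(v, parseVersion(fixed)) < 0);
}

// Keep only string column names that appear on an explicit allow-list.
function filterProperties(requested, allowed) {
  if (!Array.isArray(requested)) return [];
  const allow = new Set(allowed);
  return requested.filter((p) => typeof p === 'string' && allow.has(p));
}

// Call console.table() with filtered columns; returns the columns actually used.
function safeTable(data, requested, allowed) {
  const cols = filterProperties(requested, allowed);
  console.table(data, cols);
  return cols;
}

// Constructed sample input: one requested column is not on the allow-list.
console.log('16.13.1 affected:', isAffected('16.13.1'));
safeTable([{ id: 1, name: 'a' }], ['name', '__proto__'], ['id', 'name']);
```

In a running process, pass process.version to isAffected; pre-release version strings are rejected by parseVersion rather than guessed at.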