CVSS: 8.2 | EPSS: 1% | CPEs: 16 | EXPL: 0

Due to the formatting logic of the "console.table()" function, it was not safe to allow user-controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype. Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null prototype for the object these properties are being assigned to.
• https://hackerone.com/reports/1431042
• https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html
• https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases
• https://security.netapp.com/advisory/ntap-20220325-0007
• https://security.netapp.com/advisory/ntap-20220729-0004
• https://www.debian.org/security/2022/dsa-5170
• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://www.oracle.com/security-alerts/cpujul2022.html
• https://access.redhat.com/security/cve/CVE-2022-2

• CWE-471: Modification of Assumed-Immutable Data (MAID)
• CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes
• CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')