CVE-2022-21824 vulnerability in nodejs and Other Products
Published on February 24, 2022

Due to the formatting logic of the "console.table()" function, it was not safe to allow user-controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype. Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null prototype for the object these properties are being assigned to.
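The sketch below is an added example, not Node.js source code: a simplified model of a column accumulator that shows why a plain object as the internal map lets a "__proto__" column name reach Object.prototype, and why the null-prototype map described above does not. The function names and the sample input are hypothetical and constructed for illustration.

```javascript
// Simplified model of a per-column accumulator (added example, not Node.js source).
// collectColumns, pollutedNumericKeys and demo are hypothetical names.
function collectColumns(rows, properties, map) {
  const rowKeys = Object.keys(rows);
  for (let i = 0; i < rowKeys.length; i++) {
    const item = rows[rowKeys[i]];
    for (const key of properties) {
      // On a plain object, map['__proto__'] resolves to Object.prototype,
      // so it is never undefined and no fresh column array is created.
      if (map[key] === undefined) map[key] = [];
      const own = Object.prototype.hasOwnProperty.call(item, key);
      // A row without that own property gets an empty string at index i.
      map[key][i] = own ? String(item[key]) : '';
    }
  }
  return map;
}

// Lists numeric keys that currently sit on Object.prototype (normally none).
function pollutedNumericKeys() {
  return Object.getOwnPropertyNames(Object.prototype)
    .filter((k) => /^\d+$/.test(k));
}

// Runs the accumulator with the given map, records any pollution, then cleans up.
function demo(map) {
  const rows = { a: { x: 1 } };           // constructed sample data
  const properties = ['x', '__proto__'];  // constructed untrusted column list
  collectColumns(rows, properties, map);
  const polluted = pollutedNumericKeys();
  for (const k of polluted) delete Object.prototype[k];
  return polluted;
}

const withPlainObject = demo({});                    // weak: inherits Object.prototype
const withNullPrototype = demo(Object.create(null)); // hardened: no prototype chain
console.log({ withPlainObject, withNullPrototype });
```

With the null-prototype map, "__proto__" is an ordinary own key, so the empty string lands in a private column array instead of on the shared prototype.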

Vendor Advisory NVD

Weakness Type

What is a MAID Vulnerability?

The software does not properly protect an assumed-immutable element from being modified by an attacker. This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such as hidden form fields in web applications, cookies, and reverse DNS lookups.

CVE-2022-21824 has been classified as a MAID vulnerability or weakness.



Affected Versions

NodeJS Node:

Exploit Probability

EPSS: 0.34%
Percentile: 55.89%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.