Design/Logic Flaw
Due to the formatting logic of the "console.table" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has...
CVE-2022-21824
Due to the formatting logic of the "console.table" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has...
CVE-2022-21824
CVE-2022-21824 is a prototype pollution vulnerability in Node.js linked to console.table properties. It affects Node.js prior to patched releases and can be triggered when user-controlled data is passed as the first parameter with a plain object containing an own property such as __proto__. Public a...
MGASA-2022-0077 Updated nodejs packages fix security vulnerability
Improper handling of URI Subject Alternative Names (Medium). Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often n...
Updated nodejs packages fix security vulnerability
Improper handling of URI Subject Alternative Names (Medium). Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often n...
Node.js 12.x < 12.22.9 / 14.x < 14.18.3 / 16.x < 16.13.2 / 17.x < 17.3.1 Multiple Vulnerabilities (January 10th 2022 Security Releases).
The version of Node.js installed on the remote host is prior to 12.22.9, 14.18.3, 16.13.2, 17.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the January 10th 2022 Security Releases advisory. - Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is...
ROS-20220125-10
A vulnerability in the Node.js software platform is related to the formatting logic of the console.table function. Exploitation of the vulnerability could allow an attacker acting remotely to send a special request and assign an empty string to the prototype object's numeric keys. A vulnerability ...
openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2022:0112-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0112-1 advisory. - Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in...
Prototype Pollution
nodejs is vulnerable to Prototype Pollution. The vulnerability exists due to the formatting logic of the console.table function which allows an attacker to pass to the "properties" parameter...
Node.js: Prototype pollution via console.table properties
Summary: Attacker control of the second properties parameter of console.table may lead to prototype pollution. Description: Due to the formatting logic of the console.table function it is not safe to allow user controlled input to be passed to the properties parameter while simultaneously passing...