Unrated severity · NVD Advisory · Published Feb 24, 2022 · Updated Apr 30, 2025
CVE-2022-21824
Description
Due to the formatting logic of the "console.table()" function, it was not safe to allow user-controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype. Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null prototype for the object these properties are being assigned to.
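The condition in the description can be checked at runtime and kept away from untrusted input. The following is an added example, not code from Node.js or from this advisory; the function names `consoleTableIsPatched` and `sanitizeColumns` and the sample rows are hypothetical.

```javascript
// Added example: runtime probe and input filter for CVE-2022-21824.
// Function names are hypothetical; they are not part of Node.js.

// Returns true when console.table() leaves Object.prototype unchanged for the
// input shape named in the description: a plain object with one property as
// the first argument and "__proto__" in the properties list.
function consoleTableIsPatched() {
  const before = new Set(Object.getOwnPropertyNames(Object.prototype));
  try {
    console.table({ foo: 'bar' }, ['__proto__']);
  } catch (err) {
    // An exception does not change the verdict; the prototype check decides.
  }
  const added = Object.getOwnPropertyNames(Object.prototype)
    .filter((name) => !before.has(name));
  // Remove anything the probe added so the process is left clean either way.
  for (const name of added) delete Object.prototype[name];
  return added.length === 0;
}

// Keeps only column names the application explicitly permits, so untrusted
// input never reaches the "properties" parameter unchecked on any release.
function sanitizeColumns(requested, allowed) {
  if (!Array.isArray(requested)) return [];
  const allow = new Set(allowed);
  return requested.filter((c) => typeof c === 'string' && allow.has(c));
}

// Constructed sample input.
const rows = [{ name: 'alice', role: 'admin' }, { name: 'bob', role: 'dev' }];
const untrustedColumns = ['name', '__proto__', 7];
const columns = sanitizeColumns(untrustedColumns, ['name', 'role']);
console.log('patched runtime:', consoleTableIsPatched());
console.table(rows, columns);
```

A `false` result from the probe means the runtime predates the fixed releases listed in the description and should be upgraded; the allowlist filter is worth keeping regardless of version.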
Affected products
45 · osv-coords · 43 versions
- pkg:bitnami/node (no CPE) range: >= 12.0.0, < 12.22.9
- pkg:bitnami/node-min (no CPE) range: >= 12.0.0, < 12.22.9
- pkg:rpm/almalinux/nodejs (no CPE) range: < 1:14.20.1-2.module_el8.7.0+3342+b2df8497
- pkg:rpm/almalinux/nodejs-devel (no CPE) range: < 1:14.20.1-2.module_el8.7.0+3342+b2df8497
- pkg:rpm/almalinux/nodejs-docs (no CPE) range: < 1:14.20.1-2.module_el8.7.0+3342+b2df8497
- pkg:rpm/almalinux/nodejs-full-i18n (no CPE) range: < 1:14.20.1-2.module_el8.7.0+3342+b2df8497
- pkg:rpm/almalinux/nodejs-nodemon (no CPE) range: < 2.0.19-2.module_el8.6.0+3261+490666b3
- pkg:rpm/almalinux/nodejs-packaging (no CPE) range: < 23-3.module_el8.4.0+2522+3bd42762
- pkg:rpm/almalinux/npm (no CPE) range: < 1:6.14.17-1.14.20.1.2.module_el8.7.0+3342+b2df8497
- pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.3 (no CPE) range: < 100.0.4896.88-bp153.2.82.1
- pkg:rpm/opensuse/htmldoc&distro=openSUSE%20Leap%2015.3 (no CPE) range: < 1.9.12-bp153.2.9.1
- pkg:rpm/opensuse/nodejs10&distro=openSUSE%20Leap%2015.3 (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/opensuse/nodejs10&distro=openSUSE%20Leap%2015.4 (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/opensuse/nodejs12&distro=openSUSE%20Leap%2015.3 (no CPE) range: < 12.22.9-4.25.1
- pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Leap%2015.3 (no CPE) range: < 14.18.3-15.24.1
- pkg:rpm/opensuse/nodejs16&distro=openSUSE%20Tumbleweed (no CPE) range: < 16.13.2-1.1
- pkg:rpm/opensuse/nodejs17&distro=openSUSE%20Tumbleweed (no CPE) range: < 17.3.1-1.1
- pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP3 (no CPE) range: < 100.0.4896.88-bp153.2.82.1
- pkg:rpm/suse/htmldoc&distro=SUSE%20Package%20Hub%2015%20SP3 (no CPE) range: < 1.9.12-bp153.2.9.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Enterprise%20Storage%206 (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Enterprise%20Storage%207 (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012 (no CPE) range: < 10.24.1-1.46.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Manager%20Proxy%204.1 (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs10&distro=SUSE%20Manager%20Server%204.1 (no CPE) range: < 10.24.1-150000.1.44.1
- pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012 (no CPE) range: < 12.22.9-1.38.1
- pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP3 (no CPE) range: < 12.22.9-4.25.1
- pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012 (no CPE) range: < 14.18.3-6.21.1
- pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP3 (no CPE) range: < 14.18.3-15.24.1
References (8)
- www.debian.org/security/2022/dsa-5170 (mitre, vendor-advisory)
- lists.debian.org/debian-lts-announce/2022/10/msg00006.html (mitre, mailing-list)
- hackerone.com/reports/1431042 (mitre)
- nodejs.org/en/blog/vulnerability/jan-2022-security-releases/ (mitre)
- security.netapp.com/advisory/ntap-20220325-0007/ (mitre)
- security.netapp.com/advisory/ntap-20220729-0004/ (mitre)
- www.oracle.com/security-alerts/cpuapr2022.html (mitre)
- www.oracle.com/security-alerts/cpujul2022.html (mitre)