UBUNTU-CVE-2022-21824

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-21824

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-21824.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-21824

Related

CVE-2022-21824

Published

2022-02-24T19:15:00Z

Modified

2024-10-15T14:09:45Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVSS Calculator

Summary

[none]

Details

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "proto". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.

References

Affected packages

Ubuntu:22.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22.9~dfsg-1ubuntu3

Affected versions

12.*

12.22.5~dfsg-5ubuntu1

12.22.7~dfsg-2ubuntu1

12.22.7~dfsg-2ubuntu3

12.22.9~dfsg-1ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3",
            "binary_name": "libnode-dev"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3",
            "binary_name": "libnode72"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3",
            "binary_name": "libnode72-dbgsym"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3",
            "binary_name": "nodejs"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3",
            "binary_name": "nodejs-dbgsym"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3",
            "binary_name": "nodejs-doc"
        }
    ]
}

Ubuntu:24.10 / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

18.*

18.19.1+dfsg-6ubuntu5

18.20.1+dfsg-4ubuntu4

20.*

20.13.1+dfsg-2ubuntu6

20.14.0+dfsg-1ubuntu1

20.14.0+dfsg-2ubuntu1

20.14.0+dfsg-3ubuntu1

20.15.0+dfsg-1ubuntu3

20.16.0+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

18.*

18.13.0+dfsg1-1ubuntu2

18.19.1+dfsg-2ubuntu4

18.19.1+dfsg-6ubuntu1

18.19.1+dfsg-6ubuntu2

18.19.1+dfsg-6ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}