What is CVE-2022-21824?

CVE-2022-21824 is a vulnerability in Nodejs Node, classified under Modification of Assumed-Immutable Data (MAID). Published 2022-02-24.

Is CVE-2022-21824 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Nodejs Node

CVE-2022-21824

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first par…

EPSS: 0.003 (57.0th percentile) — read the EPSS interpretation.

Affected products

Nodejs Node — versions 4.0, 5.0, 6.0

Weakness classification (CWE)

CWE-471 — Modification of Assumed-Immutable Data (MAID)

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
bunji2/NodeJS_
codebyebrahim/laravel-vuln-checker
cr4zyd34thg0d/Wiz_
cyb3r-w0lf/nuclei-template-collection
strellic/my-ctf-challenges

References

nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
hackerone.com/reports/1431042
www.oracle.com/security-alerts/cpuapr2022.html
security.netapp.com/advisory/ntap-20220325-0007/
DSA-5170 (vendor-advisory)
www.oracle.com/security-alerts/cpujul2022.html
security.netapp.com/advisory/ntap-20220729-0004/
[debian-lts-announce] 20221005 [SECURITY] [DLA 3137-1] nodejs security update (mailing-list)

Frequently asked questions

What is CVE-2022-21824?: CVE-2022-21824 is a vulnerability in Nodejs Node, classified under Modification of Assumed-Immutable Data (MAID). Published 2022-02-24.
Is CVE-2022-21824 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.