File CVE-2022-21824.patch of Package nodejs10

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2022-21824.patch of Package nodejs10

commit be69403528da99bf3df9e1dc47186f18ba59cb5e
Author: Tobias Nießen <tniessen@tnie.de>
Date:   Tue Dec 21 18:03:15 2021 +0000

console: fix prototype pollution via console.table
    
    CVE-ID: CVE-2022-21824
    Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/308
    PR-URL: https://github.com/nodejs-private/node-private/pull/307
    Refs: https://hackerone.com/reports/1431042
    Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
    Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
    Reviewed-By: Richard Lau <rlau@redhat.com>
    Reviewed-By: Michael Dawson <midawson@redhat.com>
    Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

Index: node-v10.24.1/test/parallel/test-console-table.js
===================================================================
--- node-v10.24.1.orig/test/parallel/test-console-table.js
+++ node-v10.24.1/test/parallel/test-console-table.js
@@ -244,3 +244,18 @@ test([{ a: 1, b: 'Y' }, { a: 'Z', b: 2 }
 │    1    │ 'Z' │  2  │
 └─────────┴─────┴─────┘
 `);
+
+// Regression test for prototype pollution via console.table. Earlier versions
+// of Node.js created an object with a non-null prototype within console.table
+// and then wrote to object[column][index], which lead to an error as well as
+// modifications to Object.prototype.
+test([{ foo: 10 }, { foo: 20 }], ['__proto__'], `
+┌─────────┬───────────┐
+│ (index) │ __proto__ │
+├─────────┼───────────┤
+│    0    │           │
+│    1    │           │
+└─────────┴───────────┘
+`);
+assert.strictEqual('0' in Object.prototype, false);
+assert.strictEqual('1' in Object.prototype, false);
Index: node-v10.24.1/lib/console.js
===================================================================
--- node-v10.24.1.orig/lib/console.js
+++ node-v10.24.1/lib/console.js
@@ -425,7 +425,7 @@ Console.prototype.table = function(tabul
     ]);
   }
 
-  const map = {};
+  const map = Object.create(null);
   let hasPrimitives = false;
   const valuesKeyArray = [];
   const indexKeyArray = ObjectKeys(tabularData);

Places

File CVE-2022-21824.patch of Package nodejs10

Places