Prototype Pollution in asciitable.js

Description

The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function.

Recommendation

Update the asciitable.js package to the latest compatible version. Followings are version details:

• Affected version(s): < 1.0.3
• Patched version(s): 1.0.3

References

• GHSA-5pxj-mhwj-x5gv
• snyk.io
• CVE-2020-7771
• CWE-400
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Prototype Pollution in systeminformation - CVE-2020-26245
• shvl vulnerable to prototype pollution - CVE-2020-28278
• Prototype pollution in gsap - CVE-2020-28478
• yargs-parser Vulnerable to Prototype Pollution - CVE-2020-7608

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

asciitable.js