Prototype Pollution in asciitable.js

Description

The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function.

Recommendation

Update the asciitable.js package to the latest compatible version. Followings are version details:

• Affected version(s): < 1.0.3
• Patched version(s): 1.0.3

References

• GHSA-5pxj-mhwj-x5gv
• snyk.io
• CVE-2020-7771
• CWE-400
• CAPEC-310
• OWASP 2021-A6

Related Issues

• yargs-parser Vulnerable to Prototype Pollution - CVE-2020-7608
• Prototype pollution in class-transformer - CVE-2020-7637
• Prototype Pollution in madlib-object-utils - madlib-object-utils - CVE-2020-7701
• Prototype pollution in pathval - CVE-2020-7751

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

asciitable.js