Due to the formatting logic of the console.table() function, it was not safe to allow user-controlled input to be passed to the properties parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be __proto__. The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.
Versions of Node.js with the fix for this use a null prototype for the object these properties are being assigned to.
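The mechanism described above, as an added example that is not Node.js source or part of the original report: a simplified model of a table formatter's column bookkeeping shows why a plain-object map lets a `__proto__` column name write empty strings to numeric keys of `Object.prototype`, and why a null-prototype map or an allow-list on column names prevents it. The function names and sample data are assumptions made for illustration.

```javascript
'use strict';

// Simplified model of a table formatter's column bookkeeping (an assumption
// for illustration, not the Node.js source). `makeMap` supplies the object
// that maps column name -> array of cell strings.
function collectColumns(rows, properties, makeMap) {
  const map = makeMap();
  rows.forEach((row, i) => {
    for (const key of properties) {
      // With a plain {} map, map['__proto__'] is Object.prototype, never
      // undefined, so no fresh array is created for that column.
      if (map[key] === undefined) map[key] = [];
      const own = Object.prototype.hasOwnProperty.call(row, key);
      map[key][i] = own ? String(row[key]) : '';
    }
  });
  return map;
}

// Runs the model and reports which keys Object.prototype gained.
// Any keys added are deleted again before returning.
function pollutedKeys(makeMap, properties) {
  const rows = [{ a: 1 }, { a: 2 }]; // constructed sample rows
  const before = new Set(Object.getOwnPropertyNames(Object.prototype));
  collectColumns(rows, properties, makeMap);
  const added = Object.getOwnPropertyNames(Object.prototype)
    .filter((k) => !before.has(k));
  for (const k of added) delete Object.prototype[k];
  return added;
}

// Caller-side mitigation for runtimes without the fix: pass only column
// names that appear in an allow-list (hypothetical helper).
function safeProperties(requested, allowed) {
  return requested.filter((k) => typeof k === 'string' && allowed.includes(k));
}

const untrusted = ['a', '__proto__']; // constructed user-supplied column list
console.log('plain {} map      :', pollutedKeys(() => ({}), untrusted));
console.log('null-prototype map:', pollutedKeys(() => Object.create(null), untrusted));
console.log('filtered, {} map  :',
  pollutedKeys(() => ({}), safeProperties(untrusted, ['a'])));
```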
Created nodejs tracking bugs for this issue:
Affects: epel-7 [bug 2040867]
Affects: fedora-all [bug 2040863]
Created nodejs:12/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2040864]
Created nodejs:14/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2040865]
Created nodejs:16/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2040866]
Upstream fix :
Hacker One report :