npm package
cached-path-relative
pkg:npm/cached-path-relative
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-23518 | — | < 1.1.0 | 1.1.0 | Jan 21, 2022 | The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create | ||
| CVE-2018-16472 | — | < 1.0.2 | 1.0.2 | Nov 6, 2018 | A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack. |
- CVE-2021-23518Jan 21, 2022affected < 1.1.0fixed 1.1.0
The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create
- CVE-2018-16472Nov 6, 2018affected < 1.0.2fixed 1.0.2
A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.