Cached-path-relative Project

Cached-path-relative

2 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2021-23518

Exploit
  • EPSS 0.13%
  • Published 21.01.2022 20:15:07
  • Last modified 21.11.2024 05:51:48

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties whe...

7.5

CVE-2018-16472

  • EPSS 0.31%
  • Published 06.11.2018 19:29:00
  • Last modified 21.11.2024 03:52:49

A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.