Vulnerabilities > Cached Path Relative Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-21 | CVE-2021-23518 | The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. | 9.8 |
2018-11-06 | CVE-2018-16472 | Improper Input Validation vulnerability in multiple products A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack. | 7.5 |