Vulnerabilities > Cached Path Relative Project

DATE CVE VULNERABILITY TITLE RISK
2022-01-21 CVE-2021-23518 The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path.
network
low complexity
cached-path-relative-project debian
critical
9.8
2018-11-06 CVE-2018-16472 Improper Input Validation vulnerability in multiple products
A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.
network
low complexity
cached-path-relative-project debian CWE-20
7.5