Vulnerabilities > Cached Path Relative Project > Cached Path Relative > 1.0.2

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-21	CVE-2021-23518	The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. network low complexity cached-path-relative-project debian critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.