VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Cached Path Relative Project
>
Cached Path Relative
> 1.0.2
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2022-01-21
CVE-2021-23518
The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path.
network
low complexity
cached-path-relative-project
debian
critical
9.8
9.8