A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.
References
Link | Resource |
---|---|
https://hackerone.com/reports/390847 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/12/msg00006.html | Mailing List Third Party Advisory |
Information
Published : 2018-11-06 11:29
Updated : 2023-02-03 10:57
NVD link : CVE-2018-16472
Mitre link : CVE-2018-16472
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
debian
- debian_linux
cached-path-relative_project
- cached-path-relative