Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-23518

Опубликовано: 21 янв. 2022
Источник: ubuntu
Приоритет: low
CVSS2: 7.5
CVSS3: 7.3

Описание

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as proto, the attribute of the object is accessed instead of a path. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

needs-triage

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

focal

ignored

end of standard support, was needs-triage
impish

ignored

end of life
jammy

needs-triage

kinetic

ignored

end of life, was needs-triage

Показывать по

Ссылки на источники

7.5 High

CVSS2

7.3 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-23518

CVSS3: 8.6
redhat
около 4 лет назад

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573

nvd логотип

CVE-2021-23518

CVSS3: 7.3
nvd
около 4 лет назад

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573

debian логотип

CVE-2021-23518

CVSS3: 7.3
debian
около 4 лет назад

The package cached-path-relative before 1.1.0 are vulnerable to Protot ...

github логотип

GHSA-wg6g-ppvx-927h

CVSS3: 7.3
github
около 4 лет назад

Prototype Pollution in cached-path-relative

7.5 High

CVSS2

7.3 High

CVSS3