CVE-2018-16472

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions cached-path-relative versions <=1.0.1

Description A prototype pollution attack allows an attacker to inject properties on Object.prototype, which are then inherited by all the JS objects through the prototype chain, causing a Denial of Service (DoS) attack.

Recommendations Update to version 1.0.2 or later.

Fix

DoS

Resource Exhaustion

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-20

Related Identifiers

CVE-2018-16472

DLA-3221-1

GHSA-HC9W-4P87-J549

Affected Products

Cached-Path-Relative

CVE-2018-16472

Weakness Enumeration

Related Identifiers

Affected Products

References · 15