CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
85.0%
The package cached-path-relative before 1.1.0 are vulnerable to Prototype
Pollution via the cache variable that is set as {} instead of
Object.create(null) in the cachedPathRelative function, which allows access
to the parent prototype properties when the object is used to create the
cached relative path. When using the origin path as proto, the
attribute of the object is accessed instead of a path. Note: This
vulnerability derives from an incomplete fix in
https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | node-cached-path-relative | < any | UNKNOWN |
ubuntu | 20.04 | noarch | node-cached-path-relative | < any | UNKNOWN |
ubuntu | 22.04 | noarch | node-cached-path-relative | < any | UNKNOWN |
ubuntu | 24.04 | noarch | node-cached-path-relative | < any | UNKNOWN |
github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
launchpad.net/bugs/cve/CVE-2021-23518
nvd.nist.gov/vuln/detail/CVE-2021-23518
security-tracker.debian.org/tracker/CVE-2021-23518
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2348246
snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-2342653
www.cve.org/CVERecord?id=CVE-2021-23518
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
85.0%