
CVE-2021-23518: Prototype Pollution in org.webjars.npm:cached-path-relative | CVE-2021-23518 | Snyk

Versions of the package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable, which is set as {} instead of Object.create(null) in the cachedPathRelative function. This allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path.

Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573
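The lookup behaviour described above, as an added example that is not the package's own code: a simplified two-level cache read against a store built as {} and one built with Object.create(null). The helper names (cacheLookup, seededCache, classify, report) and the sample paths are constructed for illustration.

```javascript
// Read side of a two-level cache: cache[from][to] -> relative path.
// Simplified model for illustration, not the package's source.
function cacheLookup(cache, from, to) {
  const perDir = cache[from]; // plain lookup also resolves inherited keys
  return perDir === undefined ? undefined : perDir[to];
}

// Build a cache of the given flavour holding one legitimate entry.
// The entry ('/srv/app' -> 'lib/a.js') is a constructed sample value.
function seededCache(makeStore) {
  const cache = makeStore();
  cache['/srv/app'] = makeStore();
  cache['/srv/app']['/srv/app/lib/a.js'] = 'lib/a.js';
  return cache;
}

// Describe what a lookup returned so a bogus "hit" is visible.
function classify(cache, from, to) {
  const hit = cacheLookup(cache, from, to);
  if (hit === undefined) return 'miss';
  return typeof hit === 'string' ? 'string:' + hit : 'non-string:' + typeof hit;
}

// Constructed probes: one real entry, two keys that exist only on the prototype chain.
const probes = [
  ['/srv/app', '/srv/app/lib/a.js'],
  ['__proto__', 'toString'],
  ['constructor', 'name'],
];

function report(cache) {
  return probes.map(([from, to]) => classify(cache, from, to));
}

const weak = seededCache(() => ({}));                    // cache = {}
const hardened = seededCache(() => Object.create(null)); // cache = Object.create(null)

console.log('{}                  ->', report(weak));
console.log('Object.create(null) ->', report(hardened));
```

With the {} store, the two prototype-chain probes come back as cache hits (a function, and the string "Object") even though nothing was ever cached under those keys; with the null-prototype store they are misses.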

  • Attack Complexity: Low


  • snyk-id: SNYK-JAVA-ORGWEBJARSNPM-2348246

  • published: 20 Jan 2022

  • disclosed: 19 Jan 2022

  • credit: P.Adithya Srinivas, Masudul Hasan Masud Bhuiyan, Cristian-Alexandru Staicu
