CVE-2018-16472Uncontrolled Resource Consumption in Node-cached-path-relative

CWE-400Uncontrolled Resource ConsumptionCWE-20Improper Input Validation7 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 33.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Debian Node-cached-path-relativeCached-path-relative Project Cached-path-relativeNPM Cached-path-relative+1 more
Timeline
PublishedNov 6
Latest updateNov 12

Description

A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

debiandebian/node-cached-path-relative< node-cached-path-relative 1.0.2-1 (bookworm)
CVEListV5npm/cached-path-relative<=1.0.1

Also affects: Debian Linux 10.0

🔴Vulnerability Details

3
GHSA
Prototype Pollution in cached-path-relative2018-11-07
OSV
Prototype Pollution in cached-path-relative2018-11-07
OSV
CVE-2018-16472: A prototype pollution attack in cached-path-relative versions <=12018-11-06

📋Vendor Advisories

2
Red Hat
nodejs-cached-path-relative: prototype pollution due to injected properties on Object.prototype2018-11-02
Debian
CVE-2018-16472: node-cached-path-relative - A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an ...2018

💬Community

1
Bugzilla
CVE-2018-16472 nodejs-cached-path-relative: prototype pollution due to injected properties on Object.prototype2018-11-12