CVE-2018-16472 (High) detected in cached-path-relative-1.0.1.tgz #9
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
1 task
1 task
1 task
1 task
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2018-16472 - High Severity Vulnerability
Memoize the results of the path.relative function
Library home page: https://registry.npmjs.org/cached-path-relative/-/cached-path-relative-1.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/cached-path-relative/package.json
Dependency Hierarchy:
Found in HEAD commit: e09ef1e3a45be925a41a2e1aa6a0bcbc6b3c41ea
Found in base branch: master
A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.
Mend Note: Converted from WS-2018-0215, on 2022-11-08.
Publish Date: 2018-11-06
URL: CVE-2018-16472
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16472
Release Date: 2018-11-06
Fix Resolution (cached-path-relative): 1.0.2
Direct dependency fix Resolution (karma): 2.0.2
⛑️ Automatic Remediation will be attempted for this issue.
The text was updated successfully, but these errors were encountered: