Affecting cached-path-relative package, versions <1.0.2
cached-path-relative memoize the results of the path.relative function.
Affected versions of this package are vulnerable to Prototype Pollution. An attacker could inject properties on
Object.prototype which are then inherited by all the JS objects through the prototype chain.
cached-path-relative to version 1.0.2 or higher.
Do your applications use this vulnerable package?
- Cristian-Alexandru Staicu
- Snyk ID
- 06 Aug, 2018
- 08 Nov, 2018