CVE-2018-16472 (High) detected in cached-path-relative-1.0.1.tgz #77
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2018-16472 - High Severity Vulnerability
Memoize the results of the path.relative function
Library home page: https://registry.npmjs.org/cached-path-relative/-/cached-path-relative-1.0.1.tgz
Path to dependency file: /angular-shopping/package.json
Path to vulnerable library: /tmp/git/angular-shopping/node_modules/cached-path-relative/package.json
Dependency Hierarchy:
Found in HEAD commit: 3939849c2526b7266dd01f587c13c4fb7ca4d43c
A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.
Publish Date: 2018-11-06
URL: CVE-2018-16472
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16472
Release Date: 2018-11-06
Fix Resolution: 1.0.2
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: