CVE-2021-23518 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-23518 PUBLISHED

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573

EPSS 0.65% · 70.6th percentile

Risk Scores

EPSS Score

0.65%

70.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:25.10	node-cached-path-relative	0, 1.1.0+~1.0.0-3
Ubuntu:18.04:LTS	node-cached-path-relative	0, 1.0.1-1
Ubuntu:24.04:LTS	node-cached-path-relative	0, 1.1.0+~1.0.0-3
Ubuntu:22.04:LTS	node-cached-path-relative	1.0.2-2, 1.1.0+~1.0.0-1, 1.0.2-3
Ubuntu:20.04:LTS	node-cached-path-relative	1.0.2-1, 0

Timeline

Jan 21, 2022 CVE Published
Jan 22, 2022 EPSS Score
Mar 15, 2022 EPSS Score
May 7, 2022 EPSS Score
Aug 21, 2022 EPSS Score
Oct 12, 2022 EPSS Score
Dec 4, 2022 EPSS Score
Jan 25, 2023 EPSS Score
Feb 3, 2023 CVE Updated
Mar 7, 2023 EPSS Score
Mar 19, 2023 EPSS Score
Jul 1, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2021-23518 third-party-advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2348246 third-party-advisory
https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760 third-party-advisory
https://snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-2342653 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-23518 third-party-advisory

Open in Interactive Console →