A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.
References
Link | Resource |
---|---|
https://hackerone.com/reports/390847 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/12/msg00006.html | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2018-11-06T00:00:00
Updated: 2022-12-05T00:00:00
Reserved: 2018-09-04T00:00:00
Link: CVE-2018-16472
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-11-06T19:29:00.227
Modified: 2023-02-03T18:57:06.010
Link: CVE-2018-16472
JSON object: View
Redhat Information
No data.