Description
A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.
Remediation
References
https://hackerone.com/reports/390847
https://lists.debian.org/debian-lts-announce/2022/12/msg00006.html
Related Vulnerabilities
CVE-2011-4367 Vulnerability in maven package org.apache.myfaces.core:myfaces-core-project
CVE-2022-36944 Vulnerability in maven package org.scala-lang:scala-library
CVE-2020-25689 Vulnerability in maven package org.wildfly.core:wildfly-protocol
CVE-2019-19771 Vulnerability in npm package coinpayment
CVE-2021-36374 Vulnerability in maven package org.apache.ant:ant