cached-path-relative is vulnerable to prototype pollution. The vulnerability exists due to a lack of sanitization for the key types, allowing an attacker to exploit the vulnerability by injecting arbitrary properties into existing construct prototypes and modify attributes such as __proto__
, constructor
and prototype
via the cachedPathRelative
function.