An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIyaDctN3d3Zy1xbWdn
Prototype Pollution in @hapi/hoek
@hapi/hoek prior to 8.5.1 and 9.0.3 are vulnerable to Prototype Pollution. The
clone function fails to prevent the modification of the Object prototype when passed specially-crafted input. Attackers may use this to change existing properties that exist in all objects, which may lead to Denial of Service or Remote Code Execution in specific circumstances.
This issue does not affect hapi applications since the framework protects against such malicious inputs. Applications that use
@hapi/hoek outside of the hapi ecosystem may be vulnerable.
Update to version 8.5.1, 9.0.3 or later.Permalink: https://github.com/advisories/GHSA-22h7-7wwg-qmgg
Source: GitHub Advisory Database
Published: about 3 years ago
Updated: 9 months ago
Fixed in: 9.0.3, 8.5.1