GHSA-c429-5p7v-vgjp

Source
https://github.com/advisories/GHSA-c429-5p7v-vgjp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-c429-5p7v-vgjp/GHSA-c429-5p7v-vgjp.json
Aliases
Published
2022-09-25T00:00:27Z
Modified
2023-11-08T04:03:48.095458Z
Details

hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the proto key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1.

References

Affected packages

npm / @hapi/hoek

Package

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
8.5.1

Ecosystem specific

{
    "affected_functions": [
        "(@hapi/hoek).clone"
    ]
}

npm / @hapi/hoek

Package

Affected ranges

Type
SEMVER
Events
Introduced
9.0.0
Fixed
9.0.3

Ecosystem specific

{
    "affected_functions": [
        "(@hapi/hoek).clone"
    ]
}

npm / hoek

Package

Name
hoek

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Last affected
6.1.3

Ecosystem specific

{
    "affected_functions": [
        "(hoek).clone"
    ]
}