Lucene search
HackeroneCVELIST:CVE-2018-3728HistoryMar 30, 2018 - 7:00 p.m.
CVE-2018-3728
2018-03-3019:00:00
CWE-471
hackerone
www.cve.org
8
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via ‘merge’ and ‘applyToDefaults’ functions, which allows a malicious user to modify the prototype of “Object” via proto, causing the addition or modification of an existing property that will exist on all objects.
CNA Affected
[
{
"product": "hoek node module",
"vendor": "hapi",
"versions": [
{
"status": "affected",
"version": "Versions before 5.0.3"
}
]
}
]Related
hackerone
hackerone
Node.js third-party modules: Prototype pollution attack (Hoek)
2018-01-30 06:24:55
redhatcve
redhatcve
CVE-2018-3728
2020-04-01 02:12:07
prion
prion
Code injection
2018-03-30 19:29:00
osv
osv
Prototype Pollution in hoek
2018-04-26 15:25:17
CVE-2018-3728
2018-03-30 19:29:00
ibm
ibm
cve
cve
CVE-2018-3728
2018-03-30 19:29:00
nvd
nvd
CVE-2018-3728
2018-03-30 19:29:00
nessus
nessus
RHEL 8 : hoek (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 8 : nodejs-hoek (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 7 : Red Hat Mobile Application Platform 4.6.0 (RHSA-2018:1263)
2018-05-04 00:00:00
ubuntucve
ubuntucve
CVE-2018-3728
2018-03-30 00:00:00
debiancve
debiancve
CVE-2018-3728
2018-03-30 19:29:00
veracode
veracode
Prototype Pollution
2018-02-15 05:41:21
nodejs
nodejs
Prototype Pollution
2018-04-20 21:25:58
github
github
Prototype Pollution in hoek
2018-04-26 15:25:17
redhat
redhat