Lucene search
GitHub Advisory DatabaseGHSA-C429-5P7V-VGJPHistorySep 25, 2022 - 12:00 a.m.
hoek subject to prototype pollution via the clone function.
2022-09-2500:00:27
CWE-1321
GitHub Advisory Database
github.com
97
hoek
prototype pollution
clone function
vulnerability
software update
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
60.5%
hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the proto key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1.
Affected configurations
Node
hoekRange≤6.1.3
ORhapihoekRange9.0.0–9.0.3
ORhapihoekRange<8.5.1
Related
redhatcve
redhatcve
CVE-2020-36604
2022-09-26 10:18:57
nvd
nvd
CVE-2020-36604
2022-09-23 06:15:08
cgr
cgr
CVE-2020-36604 vulnerabilities
2024-05-19 03:07:16
prion
prion
Design/Logic Flaw
2022-09-23 06:15:00
cvelist
cvelist
CVE-2020-36604
2022-09-23 05:28:11
ubuntucve
ubuntucve
CVE-2020-36604
2022-09-23 00:00:00
osv
osv
hoek subject to prototype pollution via the clone function.
2022-09-25 00:00:27
CVE-2020-36604
2022-09-23 06:15:08
CGA-gx4m-962g-vxjh
2024-06-06 12:27:34
wolfi
wolfi
CVE-2020-36604 vulnerabilities
2024-10-01 21:13:23
veracode
veracode
Prototype Pollution
2022-09-30 07:47:05
debiancve
debiancve
CVE-2020-36604
2022-09-23 06:15:08
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-03-30 15:19:31
cve
cve
CVE-2020-36604
2022-09-23 06:15:08
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
60.5%
Related for GHSA-C429-5P7V-VGJP