hoek is vulnerable to prototype pollution attacks. Attackers can add or modify existing properties relating to an Object by using the utilities function to change the prototype of said Object. Using this flaw, attackers can trigger denial of service (DoS) attacks and in some situations remote code execution (RCE) attacks.
www.securityfocus.com/bid/103108
access.redhat.com/errata/RHSA-2018:1263
access.redhat.com/errata/RHSA-2018:1264
github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee
github.com/hapijs/hoek/commit/5aed1a8c4a3d55722d1c799f2368857bf418d6df
hackerone.com/reports/310439
nodesecurity.io/advisories/566
www.npmjs.com/advisories/566