hoek subject to prototype pollution via the clone function.

🗓️ 25 Sep 2022 00:00:27Reported by GitHub Advisory DatabaseType

github🔗 github.com👁 132 Views

Hoek prototype pollution vulnerability fix

Reporter	Title	Published	Views	Family All 26
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	30 Mar 202315:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to arbitrary code execution due to [CVE-2020-36604]	1 Dec 202216:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.15.0 shipped with IBM Cloud Pak for Business Automation iFixes for December 2025.	7 Jan 202612:30	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat and hoek might affect IBM Storage Defender Copy Data Management	10 Apr 202614:40	–	ibm
Chainguard	CVE-2020-36604 vulnerabilities	23 Sep 202206:15	–	cgr
Circl	CVE-2020-36604	23 Sep 202212:13	–	circl
CNNVD	hoek 安全漏洞	23 Sep 202200:00	–	cnnvd
CVE	CVE-2020-36604	23 Sep 202205:28	–	cve
Cvelist	CVE-2020-36604	23 Sep 202205:28	–	cvelist
Debian CVE	CVE-2020-36604	23 Sep 202205:28	–	debiancve

Vulners

Node

hapijs hoekRange≤6.1.3npm

hapi hoekRange9.0.0–9.0.3npm

hapi hoekRange<8.5.1npm

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-36604
github	www.github.com/hapijs/hoek/issues/352
github	www.github.com/hapijs/hoek/commit/4d0804bc6135ad72afdc5e1ec002b935b2f5216a
github	www.github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90
github	www.github.com/advisories/GHSA-c429-5p7v-vgjp

28 May 2025 19:34Current

7.8High risk

Vulners AI Score7.8

CVSS 3.18.1

EPSS0.01047

SSVC