CVE-2020-36604

A prototype pollution flaw was found the clone function of the hapi/hoek package. By adding or modifying properties of Object.prototype using a proto or constructor payload, an attacker could execute arbitrary code or cause a denial of service condition on the system...

Prototype Pollution in @hapi/hoek

Versions of @hapi/hoek prior to 8.5.1 and 9.0.3 are vulnerable to Prototype Pollution. The clone function fails to prevent the modification of the Object prototype when passed specially-crafted input. Attackers may use this to change existing properties that exist in all objects, which may lead t...

GHSA-22H7-7WWG-QMGG Prototype Pollution in @hapi/hoek

Versions of @hapi/hoek prior to 8.5.1 and 9.0.3 are vulnerable to Prototype Pollution. The clone function fails to prevent the modification of the Object prototype when passed specially-crafted input. Attackers may use this to change existing properties that exist in all objects, which may lead t...

Prototype Pollution

@hapi/hoek is vulnerable to prototype pollution. Failure to validate object to prevent modification of object prototype in clone function allows an attacker to inject malicious object properties which can potentially lead to execution of arbitrary code. The vulnerability affects only applications...

Prototype Pollution

Overview Versions of @hapi/hoek prior to 8.5.1 and 9.0.3 are vulnerable to Prototype Pollution. The clone function fails to prevent the modification of the Object prototype when passed specially-crafted input. Attackers may use this to change existing properties that exist in all objects, which m...