52 matches found
Security Bulletin: Vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava might affect IBM Storage Defender Copy Data Management
Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava. Vulnerabilities include allowing a malicious user to modify the prototype of "Object" via __proto__, causing the addition...
Security Bulletin: Vulnerabilities in Apache Tomcat and hoek might affect IBM Storage Defender Copy Data Management
Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Apache Tomcat and hoek. Vulnerabilities include Relative Path Traversal vulnerability in Apache Tomcat, Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat, Improper...
EUVD-2018-0190
Malware in sbrugna...
EUVD-2022-6771
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-36604
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function. CVE-2020-36604 Note that Nessus relies on the presence of the package a...
Linux Distros Unpatched Vulnerability : CVE-2018-3728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults'...
RHEL 8 : nodejs-hoek (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - hoek: Prototype pollution in utilities function CVE-2018-3728 Note that Nessus has not tested for this issue but ha...
RHEL 8 : hoek (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - hoek: Prototype pollution in utilities function CVE-2018-3728 Note that Nessus has not tested for this issue but ha...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to arbitrary code execution due to [CVE-2020-36604]
Summary: Node.js module hoek is used by IBM App Connect Enterprise Certified Container Designer connectors. IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands that execute Designer flows may be vulnerable to arbitrary code execution. This bulletin...
Prototype Pollution
@hapi/hoek is vulnerable to prototype pollution. The function internals.clone allows an attacker to gain control of the value of “path” and modify attributes such as __proto__, constructor and prototype...
CVE-2020-36604
A prototype pollution flaw was found in the clone function of the hapi/hoek package. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could execute arbitrary code or cause a denial of service condition on the system...
00ld8nuivn (=2.1.0), 00rqiw31nd (=2.1.0) +44490 more potentially affected by CVE-2020-36604 via hoek (>=0.0.21 <=6.1.3)
hoek NPM version =0.0.21, =1.0.1, =1.0.4 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 06-tekbooks =0.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkpu =1.1.0 - 098of6vzvl =1.1.0 and more Source cves: CVE-2020-36604 Source advisory:...
GHSA-C429-5P7V-VGJP hoek subject to prototype pollution via the clone function.
hoek versions prior to 8.5.1, and 9.x prior to 9.0.3, are vulnerable to prototype pollution in the clone function. If an object with the __proto__ key is passed to clone, the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1...
CVE-2020-36604
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function...
DEBIAN-CVE-2020-36604
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function...
UBUNTU-CVE-2020-36604
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function...
Design/Logic Flaw
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function...