2 matches found
CVE-2020-36604
CVE-2020-36604 affects hoek: older releases (before 8.5.1 and 9.x before 9.0.3) allow prototype poisoning via the clone() function. Update hoek to 8.5.1+ or 9.0.3+ (or newer) to mitigate.
CVE-2018-3728
CVE-2018-3728 affects the hoek npm package. It is vulnerable to prototype pollution via the merge and applyToDefaults utilities, allowing an attacker to modify Object.prototype through proto and corrupt properties on all objects. Affected versions are hoek before 4.2.0 and 5.0.x before 5.0.3. Rem...