Security
Headlines

Headlines Latest CVEs

Headline

GHSA-c429-5p7v-vgjp: hoek subject to prototype pollution via the clone function.

hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the proto key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1.

2 years ago

hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the proto key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-36604
hapijs/hoek#352

Related news

hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.

2 years ago

ghsa: Latest News

GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling

1 hour ago

GHSA-q4xm-6fjc-5f6w: sigstore-java has vulnerability with bundle verification

1 hour ago

GHSA-v7vm-rhmg-8j2r: Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API

1 hour ago

GHSA-2xcc-vm3f-m8rw: @lobehub/chat Server Side Request Forgery vulnerability

2 hours ago

GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code

20 hours ago