Bug 2129802 (CVE-2020-36604) - CVE-2020-36604 hapi/hoek: Prototype Pollution in @hapi/hoek
Summary: CVE-2020-36604 hapi/hoek: Prototype Pollution in @hapi/hoek
Keywords:
Status: NEW
Alias: CVE-2020-36604
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2132514 2132515 2132516 2132517 2132518 2132519 2159188
Blocks: 2129803
 
Reported: 2022-09-26 10:12 UTC by Avinash Hanwate
Modified: 2023-10-25 17:21 UTC
CC List: 44 users

Fixed In Version: hoek 8.5.1, hoek 9.0.3
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Avinash Hanwate 2022-09-26 10:12:45 UTC
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.

https://security.snyk.io/vuln/SNYK-JS-HAPIHOEK-548452
https://github.com/hapijs/hoek/issues/352

Comment 1 Avinash Hanwate 2022-10-06 02:52:03 UTC
Created cockatrice tracking bugs for this issue:

Affects: fedora-all [bug 2132514]


Created golang-entgo-ent tracking bugs for this issue:

Affects: fedora-all [bug 2132515]


Created golang-github-prometheus tracking bugs for this issue:

Affects: epel-7 [bug 2132517]


Created zuul tracking bugs for this issue:

Affects: fedora-all [bug 2132516]

