HIGH🇵🇱 Wersja polska

CVE-2018-3728

CVSS 8.8v3.0pub. 2018-03-30upd. 2024-11-21

hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Hapijs Hoek

    APP
    Hapijs
    < 4.2.05.0.0 – 5.0.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-36604HIGH8.1ten sam produkt

hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.

CVE-2017-16013HIGH7.5ten sam vendor

hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept...

CVE-2015-9241HIGH7.5ten sam vendor

Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' except...

CVE-2017-16025MEDIUM5.9ten sam vendor

Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4...

CVE-2015-9236MEDIUM5.3ten sam vendor

Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned...