PT-2018-16152 · Npm · Hoek

Holyvier · Published 2018-03-30 · Updated 2019-10-09 · CVE-2018-3728

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
hoek versions prior to 4.2.1
hoek versions 5.0.x prior to 5.0.3

Description
The issue affects the merge and applyToDefaults functions in the hoek node module, allowing a malicious user to modify the prototype of "Object" via __proto__. This can lead to the addition or modification of an existing property that will exist on all objects, potentially causing a denial of service. The vulnerability can be exploited when an unvalidated payload containing the __proto__ property is provided to the affected functions.

Recommendations
Update to version 4.2.1 or later.
Update to version 5.0.3 or later.
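
The mechanism in the description, shown as an added example that is not hoek's source code: naiveMerge is a hypothetical stand-in for an unguarded recursive merge, and safeMerge shows one way to filter prototype-reaching keys. The function names, the blocked-key list and the JSON payload are constructed for illustration.

```javascript
// Added example, not hoek's code. All names and the payload are constructed.
const isObject = (v) => v !== null && typeof v === 'object';

// Unguarded merge: target['__proto__'] on a plain object resolves to
// Object.prototype, so the recursion writes payload keys onto the prototype
// shared by every object in the process.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isObject(source[key]) && isObject(target[key])) {
      naiveMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: skip keys that reach the prototype chain, and only recurse
// into properties the target owns itself (never inherited ones).
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const own = Object.prototype.hasOwnProperty.call(target, key);
    if (isObject(source[key]) && own && isObject(target[key])) {
      safeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Regression check: merge a constructed payload, report whether a fresh object
// inherited the injected property, then clean the prototype up again.
function pollutes(mergeFn) {
  // JSON.parse creates "__proto__" as an ordinary own key, so Object.keys sees it.
  const payload = JSON.parse('{"__proto__": {"pollutedFlag": true}, "name": "x"}');
  mergeFn({}, payload);
  const leaked = ({}).pollutedFlag === true;
  delete Object.prototype.pollutedFlag;
  return leaked;
}

console.log('naiveMerge pollutes Object.prototype:', pollutes(naiveMerge));
console.log('safeMerge pollutes Object.prototype:', pollutes(safeMerge));
```

The same pollutes() check can be pointed at any merge helper in a test suite to confirm that an upgraded dependency no longer writes through __proto__.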

Exploit

Fix

Prototype Pollution


Weakness Enumeration

Related Identifiers

CVE-2018-3728
GHSA-JP4X-W63M-7WGM
RHSA-2018:1263

Affected Products

Hoek