Name of the Vulnerable Software and Affected Versions @hapi/hoek versions prior to 8.5.1 @hapi/hoek versions prior to 9.0.3

Description The issue concerns Prototype Pollution due to the clone function in @hapi/hoek failing to prevent the modification of the Object prototype when passed specially-crafted input. This could lead to Denial of Service or Remote Code Execution in specific circumstances. However, hapi applications are protected against such malicious inputs by the framework itself. Only applications using @hapi/hoek outside of the hapi ecosystem may be vulnerable.

Recommendations Update to version 8.5.1 or later. Update to version 9.0.3 or later.