PT-2022-9007 · Hoek · Hoek
Published 2022-09-23 · Updated 2022-09-26 · CVE-2020-36604
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
hoek versions prior to 8.5.1
hoek versions 9.x prior to 9.0.3
Description
The issue allows prototype poisoning in the clone function. If an object with the __proto__ key is passed to clone(), the key is converted to a prototype.
Recommendations
For hoek versions prior to 8.5.1, update to version 8.5.1 to resolve the issue.
For hoek versions 9.x prior to 9.0.3, update to version 9.0.3 to resolve the issue.
As a temporary workaround, consider avoiding the use of the clone() function with objects containing the __proto__ key until a patch is applied.
Fix
Prototype Pollution
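The behaviour in the description, as an added JavaScript example that is not hoek's own code: a naive recursive clone beside a hardened one, plus a pre-clone check matching the temporary workaround. The function names (naiveClone, safeClone, hasProtoKey, demo) and the sample JSON are constructed for illustration.

```javascript
// Added illustration, not hoek's source. All names here are hypothetical.

// Vulnerable pattern: plain assignment. When key is "__proto__", the
// assignment invokes the inherited Object.prototype.__proto__ setter, so the
// value becomes the copy's prototype instead of an own property.
function naiveClone(source) {
  if (source === null || typeof source !== 'object') return source;
  const copy = Array.isArray(source) ? [] : {};
  for (const key of Object.keys(source)) {
    copy[key] = naiveClone(source[key]);
  }
  return copy;
}

// Hardened pattern: define every key as an own data property, which never
// triggers the __proto__ setter.
function safeClone(source) {
  if (source === null || typeof source !== 'object') return source;
  const copy = Array.isArray(source) ? [] : {};
  for (const key of Object.keys(source)) {
    Object.defineProperty(copy, key, {
      value: safeClone(source[key]),
      writable: true, enumerable: true, configurable: true,
    });
  }
  return copy;
}

// Workaround check: does any level of the value carry an own "__proto__" key?
function hasProtoKey(value) {
  if (value === null || typeof value !== 'object') return false;
  if (Object.prototype.hasOwnProperty.call(value, '__proto__')) return true;
  return Object.keys(value).some((key) => hasProtoKey(value[key]));
}

// Constructed input: JSON.parse creates "__proto__" as an ordinary own key.
const SAMPLE = '{"user":"guest","profile":{"__proto__":{"isAdmin":true}}}';

function demo() {
  const parsed = JSON.parse(SAMPLE);
  const poisoned = naiveClone(parsed);
  const clean = safeClone(parsed);
  return {
    flagged: hasProtoKey(parsed),                        // input should be rejected
    poisonedInherits: poisoned.profile.isAdmin === true, // key became a prototype
    cleanInherits: clean.profile.isAdmin === true,       // no inherited property
    cleanKeepsKey: Object.keys(clean.profile).includes('__proto__'),
  };
}
```

Calling hasProtoKey on parsed input before it reaches clone() is one way to apply the workaround on versions that cannot be upgraded yet.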
Weakness Enumeration
Related Identifiers
Affected Products
Hoek