NodeJS/@hapi/hoek/9.0.0
General purpose node utilities
https://www.npmjs.com/package/@hapi/hoek
BSD-3-Clause
2 Security Vulnerabilities
Prototype Pollution in @hapi/hoek
Versions of @hapi/hoek prior to 8.5.1 and 9.0.3 are vulnerable to Prototype Pollution. The clone function fails to prevent the modification of the Object prototype when passed specially-crafted input. Attackers may use this to change existing properties that exist in all objects, which may lead to Denial of Service or Remote Code Execution in specific circumstances.
This issue does not affect hapi applications since the framework protects against such malicious inputs. Applications that use @hapi/hoek outside of the hapi ecosystem may be vulnerable.
Recommendation
Update to version 8.5.1, 9.0.3 or later.
hoek subject to prototype pollution via the clone function.
hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the proto key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1.
42 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 11.0.4 | BSD-3-Clause | 2023-12-05 - 10:47 | 4 months | |
| 11.0.3 | BSD-3-Clause | 2023-12-05 - 08:07 | 4 months | |
| 11.0.2 | BSD-3-Clause | 2022-12-14 - 15:40 | over 1 year | |
| 11.0.1 | BSD-3-Clause | 2022-12-13 - 19:34 | over 1 year | |
| 11.0.0 | BSD-3-Clause | 2022-12-13 - 08:04 | over 1 year | |
| 10.0.1 | BSD-3-Clause | 2022-07-23 - 18:31 | over 1 year | |
| 10.0.0 | BSD-3-Clause | 2022-05-01 - 18:29 | almost 2 years | |
| 9.3.0 | BSD-3-Clause | 2022-05-01 - 18:01 | almost 2 years | |
| 9.2.1 | BSD-3-Clause | 2021-09-27 - 20:57 | over 2 years | |
| 9.2.0 | BSD-3-Clause | 2021-04-17 - 21:10 | almost 3 years | |
| 9.1.1 | BSD-3-Clause | 2020-12-27 - 17:06 | over 3 years | |
| 9.1.0 | BSD-3-Clause | 2020-09-02 - 01:35 | over 3 years | |
| 9.0.4 | BSD-3-Clause | 2020-03-12 - 05:12 | about 4 years | |
| 9.0.3 | BSD-3-Clause | 2020-02-08 - 06:37 | about 4 years | |
| 9.0.2 | BSD-3-Clause | 2 | 2020-01-09 - 18:27 | over 4 years |
| 9.0.1 | BSD-3-Clause | 2 | 2020-01-09 - 06:14 | over 4 years |
| 9.0.0 | BSD-3-Clause | 2 | 2020-01-03 - 23:06 | over 4 years |
| 8.5.1 | BSD-3-Clause | 2020-02-08 - 06:45 | about 4 years | |
| 8.5.0 | BSD-3-Clause | 2 | 2019-10-31 - 00:37 | over 4 years |
| 8.4.0 | BSD-3-Clause | 2 | 2019-10-30 - 06:42 | over 4 years |
| 8.3.2 | BSD-3-Clause | 2 | 2019-10-17 - 20:54 | over 4 years |
| 8.3.1 | BSD-3-Clause | 1 | 2019-10-15 - 06:27 | over 4 years |
| 8.3.0 | BSD-3-Clause | 1 | 2019-10-05 - 03:21 | over 4 years |
| 8.2.5 | BSD-3-Clause | 1 | 2019-09-28 - 07:13 | over 4 years |
| 8.2.4 | BSD-3-Clause | 1 | 2019-09-09 - 06:18 | over 4 years |
| 8.2.3 | BSD-3-Clause | 1 | 2019-09-08 - 19:14 | over 4 years |
| 8.2.2 | BSD-3-Clause | 1 | 2019-09-01 - 07:35 | over 4 years |
| 8.2.1 | BSD-3-Clause | 1 | 2019-08-12 - 19:48 | over 4 years |
| 8.2.0 | BSD-3-Clause | 1 | 2019-08-07 - 21:35 | over 4 years |
| 8.1.0 | BSD-3-Clause | 1 | 2019-07-24 - 17:41 | over 4 years |
| 8.0.2 | BSD-3-Clause | 1 | 2019-07-01 - 16:54 | almost 5 years |
| 8.0.1 | BSD-3-Clause | 1 | 2019-06-26 - 17:17 | almost 5 years |
| 8.0.0 | BSD-3-Clause | 1 | 2019-06-26 - 05:57 | almost 5 years |
| 7.2.1 | BSD-3-Clause | 1 | 2019-06-23 - 04:10 | almost 5 years |
| 7.2.0 | BSD-3-Clause | 1 | 2019-06-22 - 03:49 | almost 5 years |
| 7.1.0 | BSD-3-Clause | 1 | 2019-06-01 - 17:48 | almost 5 years |
| 7.0.0 | BSD-3-Clause | 1 | 2019-05-31 - 21:38 | almost 5 years |
| 6.2.4 | BSD-3-Clause | 1 | 2019-05-27 - 00:44 | almost 5 years |
| 6.2.3 | BSD-3-Clause | 1 | 2019-05-17 - 20:15 | almost 5 years |
| 6.2.2 | BSD-3-Clause | 1 | 2019-05-17 - 20:10 | almost 5 years |
| 6.2.1 | BSD-3-Clause | 1 | 2019-03-29 - 22:27 | about 5 years |
| 6.2.0 | BSD-3-Clause | 1 | 2019-03-27 - 00:33 | about 5 years |