Description
hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (get, set, and update) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the get, set and update functions throw a TypeError when a user attempts to access or alter inherited properties.
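The guard described above, sketched as an added example (not hoolock's own code): a dotted-path setter that throws a TypeError on any inherited path segment, next to an unguarded one for contrast. The names `naiveSet` and `safeSet` and the dotted-string path format are assumptions.

```javascript
// Added example; naiveSet/safeSet are hypothetical names, not hoolock's API.
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Unguarded: follows whatever node[key] resolves to, so an inherited
// link such as __proto__ leads the walk onto Object.prototype.
function naiveSet(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Guarded: every segment must be absent or an own property of the
// current node; anything reachable only via the prototype chain throws.
function safeSet(target, path, value) {
  const keys = path.split('.');
  let node = target;
  keys.forEach((key, i) => {
    if (key in node && !hasOwn(node, key)) {
      throw new TypeError(`Refusing inherited property "${key}" in path "${path}"`);
    }
    if (i === keys.length - 1) {
      node[key] = value;
      return;
    }
    // Create or replace non-object intermediates, then descend.
    if (node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key];
  });
  return target;
}

// Constructed sample paths, as they might arrive from untrusted input.
for (const path of ['profile.theme', '__proto__.isAdmin', 'constructor.prototype.isAdmin']) {
  try {
    safeSet({}, path, true);
    console.log(path, '-> set');
  } catch (e) {
    console.log(path, '->', e.name);
  }
}
```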
References
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 2.0.0 (inclusive) up to 2.2.1 (exclusive)
cpe:2.3:a:elijahharry:hoolock:*:*:*:*:*:node.js:*:*
EPSS
Percentile: 93%
0.09783
Low
6.3 Medium
CVSS3
6.5 Medium
CVSS3
Weaknesses
CWE-1321
Related vulnerabilities
CVSS3: 6.3
github
about 2 years ago
Prototype pollution not blocked by object-path related utilities in hoolock