CVE-2018-3728

Published: 15 Feb 2018
Source: redhat
CVSS3: 2.9
EPSS: Low

Description

hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

Report

Red Hat Quay includes hoek as a dependency of protractor, which is only used at build time. The vulnerable library is not used at runtime, meaning this has a low impact on Red Hat Quay.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 8 | nodejs-hoek | Will not fix | | |
| Red Hat OpenShift Enterprise 3 | nodejs-hoek | Will not fix | | |
| Red Hat Software Collections | rh-nodejs4-nodejs-hoek | Will not fix | | |
| Red Hat Software Collections | rh-nodejs6-nodejs-hoek | Will not fix | | |
| Red Hat Virtualization 4 | ovirt-engine-api-explorer | Not affected | | |
| Red Hat Virtualization 4 | ovirt-engine-dashboard | Not affected | | |
| Red Hat Virtualization 4 | ovirt-engine-ui-extensions | Not affected | | |
| Red Hat Mobile Application Platform 4.6 | fh-system-dump-tool | Fixed | RHSA-2018:1263 | 30.04.2018 |
| Red Hat Mobile Application Platform 4.6 | fping | Fixed | RHSA-2018:1263 | 30.04.2018 |
| Red Hat Mobile Application Platform 4.6 | nagios | Fixed | RHSA-2018:1263 | 30.04.2018 |


Additional information

Status: Low
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1545893 hoek: Prototype pollution in utilities function

EPSS: 0.01675 (percentile: 82%, Low)

CVSS3: 2.9 Low

Related vulnerabilities

CVSS3: 8.8
ubuntu
almost 8 years ago

hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

CVSS3: 8.8
nvd
almost 8 years ago

hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

CVSS3: 8.8
debian
almost 8 years ago

hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Mo ...

CVSS3: 8.8
github
almost 8 years ago

Prototype Pollution in hoek
