Description
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.
A prototype pollution flaw was found in the clone() function of the hapi/hoek package. By adding or modifying properties of Object.prototype using a `__proto__` or constructor payload, an attacker could execute arbitrary code or cause a denial of service condition on the system.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Migration Toolkit for Containers | rhmtc/openshift-migration-ui-rhel8 | Will not fix | | |
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-ui-rhel8 | Fix deferred | | |
| OpenShift Developer Tools and Services | odo | Will not fix | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/kiali-rhel8 | Will not fix | | |
| OpenShift Service Mesh 2.0 | openshift-service-mesh/kiali-rhel8 | Will not fix | | |
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Affected | | |
| OpenShift Service Mesh 2.1 | openshift-service-mesh/kiali-rhel8 | Will not fix | | |
| OpenShift Service Mesh 2.1 | servicemesh-prometheus | Will not fix | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/application-ui-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Not affected | | |
Additional information
Status:
Moderate
Defect:
CWE-1321
https://bugzilla.redhat.com/show_bug.cgi?id=2129802 hapi/hoek: Prototype Pollution in @hapi/hoek
8.1 High
CVSS3
Related vulnerabilities
CVSS3: 8.1
ubuntu
more than 3 years ago
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.
CVSS3: 8.1
nvd
more than 3 years ago
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.
CVSS3: 8.1
debian
more than 3 years ago
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in t ...
CVSS3: 8.1
github
more than 3 years ago
hoek subject to prototype pollution via the clone function.