@hapi/hoek@7.2.1 vulnerabilities

General purpose node utilities

Direct Vulnerabilities

Known vulnerabilities in the @hapi/hoek package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Prototype Pollution

@hapi/hoek is an utility methods package for the hapi ecosystem

Affected versions of this package are vulnerable to Prototype Pollution. The clone function fails to prevent the modification of the Object prototype when passed specially-crafted input.

Note: This issue does not affect hapi applications since the framework protects against such malicious inputs. Only applications that use @hapi/hoek outside of the hapi ecosystem may be vulnerable.

How to fix Prototype Pollution?

Upgrade @hapi/hoek to version 8.5.1, 9.0.3 or higher.

<8.5.1 >=9.0.0 <9.0.3