mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 09:12:08 +00:00
1.3 KiB
1.3 KiB
CVE-2018-3728
%20(CWE-471)&color=brighgreen)
Description
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.
POC
Reference
- https://hackerone.com/reports/310439
- https://hackerone.com/reports/310439
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:hoek:20180212
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/fabric8-analytics/cvejob
- https://github.com/hangxingliu/node-cve
- https://github.com/jpb06/kubot-website
- https://github.com/ossf-cve-benchmark/CVE-2018-3728
- https://github.com/seal-community/patches
- https://github.com/splunk-soar-connectors/github