Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/%40hapi/hoek@8.5.1
purl pkg:npm/%40hapi/hoek@8.5.1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-f9fx-rs6v-x7d4 hoek subject to prototype pollution via the clone function. hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the __proto__ key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1. CVE-2020-36604
GHSA-c429-5p7v-vgjp
VCID-s862-k9pn-gbfs Prototype Pollution in @hapi/hoek Versions of `@hapi/hoek` prior to 8.5.1 and 9.0.3 are vulnerable to Prototype Pollution. The `clone` function fails to prevent the modification of the Object prototype when passed specially-crafted input. Attackers may use this to change existing properties that exist in all objects, which may lead to Denial of Service or Remote Code Execution in specific circumstances. This issue __does not__ affect hapi applications since the framework protects against such malicious inputs. Applications that use `@hapi/hoek` outside of the hapi ecosystem may be vulnerable. ## Recommendation Update to version 8.5.1, 9.0.3 or later. GHSA-22h7-7wwg-qmgg
GMS-2020-28

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:11:14.709953+00:00 GitLab Importer Fixing VCID-f9fx-rs6v-x7d4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@hapi/hoek/CVE-2020-36604.yml 38.4.0
2026-04-16T21:11:00.584094+00:00 GitLab Importer Fixing VCID-s862-k9pn-gbfs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@hapi/hoek/GMS-2020-28.yml 38.4.0
2026-04-11T23:27:58.915782+00:00 GitLab Importer Fixing VCID-f9fx-rs6v-x7d4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@hapi/hoek/CVE-2020-36604.yml 38.3.0
2026-04-11T22:22:50.768747+00:00 GitLab Importer Fixing VCID-s862-k9pn-gbfs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@hapi/hoek/GMS-2020-28.yml 38.3.0
2026-04-02T23:33:48.535853+00:00 GitLab Importer Fixing VCID-f9fx-rs6v-x7d4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@hapi/hoek/CVE-2020-36604.yml 38.1.0
2026-04-02T22:34:52.788560+00:00 GitLab Importer Fixing VCID-s862-k9pn-gbfs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@hapi/hoek/GMS-2020-28.yml 38.1.0
2026-04-02T12:37:17.264218+00:00 GitLab Importer Fixing VCID-s862-k9pn-gbfs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@hapi/hoek/GMS-2020-28.yml 38.0.0
2026-04-01T17:55:43.578906+00:00 GitLab Importer Fixing VCID-f9fx-rs6v-x7d4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@hapi/hoek/CVE-2020-36604.yml 38.0.0
2026-04-01T16:03:32.248543+00:00 GHSA Importer Fixing VCID-f9fx-rs6v-x7d4 https://github.com/advisories/GHSA-c429-5p7v-vgjp 38.0.0
2026-04-01T15:58:41.162580+00:00 GHSA Importer Fixing VCID-s862-k9pn-gbfs https://github.com/advisories/GHSA-22h7-7wwg-qmgg 38.0.0
2026-04-01T13:05:36.853377+00:00 GithubOSV Importer Fixing VCID-f9fx-rs6v-x7d4 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-c429-5p7v-vgjp/GHSA-c429-5p7v-vgjp.json 38.0.0
2026-04-01T12:59:55.239755+00:00 GithubOSV Importer Fixing VCID-s862-k9pn-gbfs https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-22h7-7wwg-qmgg/GHSA-22h7-7wwg-qmgg.json 38.0.0