Search for packages
| purl | pkg:npm/hoek@6.0.2 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-f9fx-rs6v-x7d4
Aliases: CVE-2020-36604 GHSA-c429-5p7v-vgjp |
hoek subject to prototype pollution via the clone function. hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the __proto__ key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T22:11:14.452740+00:00 | GitLab Importer | Affected by | VCID-f9fx-rs6v-x7d4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/hoek/CVE-2020-36604.yml | 38.4.0 |
| 2026-04-11T23:27:58.654917+00:00 | GitLab Importer | Affected by | VCID-f9fx-rs6v-x7d4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/hoek/CVE-2020-36604.yml | 38.3.0 |
| 2026-04-02T23:33:48.277827+00:00 | GitLab Importer | Affected by | VCID-f9fx-rs6v-x7d4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/hoek/CVE-2020-36604.yml | 38.1.0 |
| 2026-04-01T17:55:43.273019+00:00 | GitLab Importer | Affected by | VCID-f9fx-rs6v-x7d4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/hoek/CVE-2020-36604.yml | 38.0.0 |