| purl | pkg:rpm/redhat/rhmap-fh-openshift-templates@4.6.0-5?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-am2z-v7gj-nqch (Aliases: CVE-2017-15010, GHSA-g7q5-pjjr-gqvp) | Uncontrolled Resource Consumption: An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU. | There are no reported fixed by versions. |
| VCID-yk3z-5fjt-q7gb (Aliases: CVE-2018-3728, GHSA-jp4x-w63m-7wgm) | Prototype Pollution in hoek: Versions of `hoek` prior to 4.2.1 and 5.0.3 are vulnerable to prototype pollution. The `merge` function, and the `applyToDefaults` and `applyToDefaultsWithShallow` functions which leverage `merge` behind the scenes, are vulnerable to a prototype pollution attack when provided an _unvalidated_ payload created from a JSON string containing the `__proto__` property. This can be demonstrated like so: `var Hoek = require('hoek'); var malicious_payload = '{"__proto__":{"oops":"It works !"}}'; var a = {}; console.log("Before : " + a.oops); Hoek.merge({}, JSON.parse(malicious_payload)); console.log("After : " + a.oops);` This type of attack can be used to overwrite existing properties causing a potential denial of service. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:28:57.235767+00:00 | RedHat Importer | Affected by | VCID-am2z-v7gj-nqch | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15010.json | 38.0.0 |
| 2026-04-01T14:26:09.789093+00:00 | RedHat Importer | Affected by | VCID-yk3z-5fjt-q7gb | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3728.json | 38.0.0 |