CGA-659h-6c6w-34c8

Published

Last updated

https://images.chainguard.dev/security/CGA-659h-6c6w-34c8

Package

opensearch-dashboards-2-fips

Latest Update

Fixed

Fixed Version

2.13.0-r0

Aliases

CVE-2020-36604
GHSA-c429-5p7v-vgjp

Severity

8.1

High

CVSS V3

Summary

hoek subject to prototype pollution via the clone function.

Description

hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the proto key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-36604
https://github.com/advisories/GHSA-c429-5p7v-vgjp
https://github.com/hapijs/hoek/issues/352
https://github.com/hapijs/hoek/commit/4d0804bc6135ad72afdc5e1ec002b935b2f5216a
https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-659h-6c6w-34c8

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources