VDB
CVE-2018-3728
CVE-2018-3728
PUBLISHED
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
EPSS 1.68% · 82.5th percentile
Risk Scores
EPSS Score
1.68%
82.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:24.04:LTS | node-hoek | 10.0.1+~cs12.0.0-1, 0 |
| Ubuntu:20.04:LTS | node-hoek | 8.5.0+~4.2.1+~3.3.1-1, 0, * |
| Ubuntu:22.04:LTS | node-hoek | 0, 9.1.0+~cs10.1.0-1 |
| Ubuntu:18.04:LTS | node-hoek | 4.1.0-2, 0 |
| Ubuntu:25.10 | node-hoek | 10.0.1+~cs12.0.0-1, 0 |
Exploit Intelligence
- ossf-cve-benchmark/CVE-2018-3728 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-3728 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-3728 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-3728 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-3728 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-3728 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-3728 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-3728 (github-poc-repo)
- https://snyk.io/vuln/npm:hoek:20180212 (nist-nvd)
- https://hackerone.com/reports/310439 (nist-nvd)
…and 3 more exploits
Timeline
- CVE Published
- Feb 13, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Aug 13, 2024 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 4, 2025 EPSS Score
- Apr 17, 2025 EPSS Score
- Apr 18, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-3728 third-party-advisory
- https://snyk.io/vuln/npm:hoek:20180212 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-3728 third-party-advisory