CVE-2018-3728 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-3728 PUBLISHED

hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

EPSS 1.68% · 82.0th percentile

Risk Scores

EPSS Score

1.68%

82.0th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:24.04:LTS	node-hoek	0, 10.0.1+~cs12.0.0-1
Ubuntu:20.04:LTS	node-hoek	0, 8.2.4+~4.2.1+~3.3.1-3, 8.5.0+~4.2.1+~3.3.1-1
Ubuntu:22.04:LTS	node-hoek	0, 9.1.0+~cs10.1.0-1
Ubuntu:18.04:LTS	node-hoek	0, 4.1.0-2
Ubuntu:25.10	node-hoek	0, 10.0.1+~cs12.0.0-1

Timeline

CVE Published
Feb 13, 2018 PoC Published
Apr 14, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Aug 13, 2024 EPSS Score
Mar 17, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 4, 2025 EPSS Score
Apr 17, 2025 EPSS Score
Apr 18, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2018-3728 third-party-advisory
https://snyk.io/vuln/npm:hoek:20180212 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2018-3728 third-party-advisory

Open in Interactive Console →