CVE-2024-23339 Information

Description

hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1 utility functions related to object paths (get set and update) did not block attempts to access or alter object prototypes. Starting in version 2.2.1 the get set and update functions throw a TypeError when a user attempts to access or alter inherited properties.

Reference

https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25 https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f652b982