hapi@6.3.0 vulnerabilities
HTTP Server framework
-
latest version
18.1.0
-
first published
13 years ago
-
latest version published
6 years ago
-
licenses detected
- >=0.0.1 <8.5.0
Direct Vulnerabilities
Known vulnerabilities in the hapi package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
hapi is a HTTP Server framework. Affected versions of this package are vulnerable to Denial of Service (DoS). The CORS request handler has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. If no unhandled exception handler is available, the application will exist, allowing an attacker to shut down services. How to fix Denial of Service (DoS)? There is no fixed version for |
*
|
Security restrictions (e.g. origin) get overridden by less restrictive defaults (i.e. all origins) in cases when server level, connection level or route level CORS configurations are combined. |
<11.1.4
|
Sending a purposefully crafted invalid date in the The vulnerability is caused by the combination of two bugs.
First, the underlying V8 engine throws an exception when processing the specially crafted date, instead of stating the date is invalid as it should. Second, the Upgrading |
<11.1.3
|
Hapi v11.0.0 and below have an incorrect implementation of the CORS protocol, and allow for configurations that, at best, return inconsistent headers and, at worst, cross-origin activities that are expected to be forbidden. How to fix CORS Bypass? Upgrade to a version 11.0.0 or greater. |
<11.0.0
|