Denial of Service

2017-04-14T21:06:38
ID NODEJS:331
Type nodejs
Reporter iipokypatop
Modified 2017-04-14T21:06:38

Description

Overview

Affected versions of nes are vulnerable to denial of service when websocket authentication is set to cookie and a client sends an invalid cookie header. Submitting an invalid cookie on the websocket upgrade request causes the node process to throw and exit.
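
An added illustration of the failure mode above, not nes's code or the change in the referenced commit: a handler shaped like a Node `http.Server` `'upgrade'` listener that turns a cookie parse error into a 400 response instead of letting the exception escape. The parser, the `sid` cookie name, the `accept` callback and the sample headers are hypothetical.

```javascript
'use strict';

// Hypothetical strict parser, standing in for any cookie parser that throws on bad input.
function parseCookieHeader(header) {
  const cookies = Object.create(null);
  for (const part of header.split(';')) {
    const pair = part.trim();
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    // A cookie pair needs a non-empty name before "=" with no whitespace, controls, quotes or commas.
    if (eq < 1 || /[\s\x00-\x1f\x7f",]/.test(pair.slice(0, eq))) {
      throw new Error('Invalid cookie header');
    }
    cookies[pair.slice(0, eq)] = pair.slice(eq + 1);
  }
  return cookies;
}

// Handler shaped like an http.Server 'upgrade' listener (request, socket, head).
// An exception that escapes an event listener becomes an uncaughtException and ends
// the process, so the parse error is caught and answered on the raw socket instead.
function onUpgrade(request, socket, head, accept) {
  let cookies;
  try {
    cookies = parseCookieHeader(request.headers.cookie || '');
  } catch (err) {
    socket.end('HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n');
    return false;
  }
  if (!cookies.sid) { // "sid" is an assumed session cookie name
    socket.end('HTTP/1.1 401 Unauthorized\r\nConnection: close\r\n\r\n');
    return false;
  }
  accept(cookies.sid); // hypothetical hand-off to the WebSocket layer
  return true;
}

// Runs one constructed upgrade request through the handler using a stub socket.
function demo(cookieHeader) {
  const written = [];
  const socket = { end: (data) => written.push(data) };
  let session = null;
  const request = { headers: { cookie: cookieHeader } };
  const ok = onUpgrade(request, socket, Buffer.alloc(0), (sid) => { session = sid; });
  return { ok, session, response: written.length ? written[0].split('\r\n')[0] : null };
}

console.log(demo('sid=abc123; theme=dark')); // well-formed cookie
console.log(demo('sid'));                    // constructed malformed header (no "=")
```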

Remediation

Update to version 6.4.1 or later.

References

Issue #171

[Commit 249ba17](https://github.com/hapijs/nes/commit/249ba1755ed6977fbc208463c87364bf884ad655)