3 matches found
@commercial/hapi (=19.0.2), @hapi/hapi (>=19.0.0 <=19.0.4) +7 more potentially affected by unknown CVE via @hapi/accept (=4.0.1)
@hapi/accept NPM version =4.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @hapi/accept and may be impacted: - @commercial/hapi =19.0.2 - @hapi/hapi =19.0.0, =0.0.3, =0.27.0, =0.27.0, =0.9.0, =2.0.4, =5.0.2 Source cves: unknown CVE Source advisory...
GHSA-9VRW-M88G-W75Q Denial of Service in @hapi/accept
Versions of @hapi/accept prior to 3.2.4 or 5.0.1 are vulnerable to Denial of Service. The Accept-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to...
Denial of Service in @hapi/accept
Versions of @hapi/accept prior to 3.2.4 or 5.0.1 are vulnerable to Denial of Service. The Accept-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to...