2 matches found
@kmanion/senpai (=1.0.0), be-more-hapi (=1.0.0-rc.1.1) +39 more potentially affected by CVE-2015-9241 via hapi (>=0.14.2 <=11.1.2)
hapi NPM version =0.14.2, =0.1.0-pre, =0.0.2, =0.0.7, =0.1.0, =0.1.0, =0.0.1, =0.0.4 - hapi-auth-passthrough =1.0.0 - hapi-exit =0.0.2 - hapi-mongoose-connect =1.0.0 - hapi-register-example =1.0.1 and more Source cves: CVE-2015-9241 Source advisory: OSV:GHSA-RC8H-3FV6-PXV8...
CVE-2015-9241
Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out default node timeout is 2...