691 matches found
Denial of Service in content
Versions of content are vulnerable to Denial of Service. The Content-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to catching expected application...
GHSA-5854-JVXX-2CG9 Denial of Service in content
Versions of content are vulnerable to Denial of Service. The Content-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to catching expected application...
3id-test-helper (>=1.0.0 <=1.0.4), 3nit-utils (>=0.24.0 <=0.30.0) +294 more potentially affected by unknown CVE via @hapi/content (=4.1.1)
@hapi/content NPM version =4.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on @hapi/content and may be impacted: - 3id-test-helper =1.0.0, =0.24.0, =6.8.2, =1.4.0, =0.1.0, =2.1.0, =2.5.0-next.11, =2.6.0, =2.1.0, =2.4.0, =2.1.0, =2.1.0, =2.4.0, =2.7....
Denial of Service in @hapi/content
Versions of @hapi/content prior to 4.1.1 and 5.0.1 are vulnerable to Denial of Service. The Content-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to...
GHSA-3WQH-H42R-X8FQ Denial of Service in @hapi/content
Versions of @hapi/content prior to 4.1.1 and 5.0.1 are vulnerable to Denial of Service. The Content-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to...
@commercial/hapi (=19.0.2), @hapi/hapi (>=19.0.0 <=19.0.4) potentially affected by unknown CVE via @hapi/ammo (=4.0.1)
@hapi/ammo NPM version =4.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @hapi/ammo and may be impacted: - @commercial/hapi =19.0.2 - @hapi/hapi =19.0.0, =19.0.4 Source cves: unknown CVE Source advisory: OSV:GHSA-GJPH-XF5Q-6MFQ...
Denial of Service in @hapi/ammo
Versions of @hapi/ammo prior to 3.1.2 or 5.0.1 are vulnerable to Denial of Service. The Range HTTP header parser has a vulnerability which will cause the function to throw a system error if the header is set to an invalid value. Because hapi is not expecting the function to ever throw, the error ...
GHSA-GJPH-XF5Q-6MFQ Denial of Service in @hapi/ammo
Versions of @hapi/ammo prior to 3.1.2 or 5.0.1 are vulnerable to Denial of Service. The Range HTTP header parser has a vulnerability which will cause the function to throw a system error if the header is set to an invalid value. Because hapi is not expecting the function to ever throw, the error ...
@commercial/hapi (=19.0.2), @hapi/hapi (>=19.0.0 <=19.0.4) +7 more potentially affected by unknown CVE via @hapi/accept (=4.0.1)
@hapi/accept NPM version =4.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @hapi/accept and may be impacted: - @commercial/hapi =19.0.2 - @hapi/hapi =19.0.0, =0.0.3, =0.27.0, =0.27.0, =0.9.0, =2.0.4, =5.0.2 Source cves: unknown CVE Source advisory...
GHSA-9VRW-M88G-W75Q Denial of Service in @hapi/accept
Versions of @hapi/accept prior to 3.2.4 or 5.0.1 are vulnerable to Denial of Service. The Accept-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to...
Denial of Service in @hapi/accept
Versions of @hapi/accept prior to 3.2.4 or 5.0.1 are vulnerable to Denial of Service. The Accept-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to...
GHSA-MG85-8MV5-FFJR Denial of Service in ammo
All versions of ammo are vulnerable to Denial of Service. The Range HTTP header parser has a vulnerability which will cause the function to throw a system error if the header is set to an invalid value. Because hapi is not expecting the function to ever throw, the error is thrown all the way up t...
Denial of Service in ammo
All versions of ammo are vulnerable to Denial of Service. The Range HTTP header parser has a vulnerability which will cause the function to throw a system error if the header is set to an invalid value. Because hapi is not expecting the function to ever throw, the error is thrown all the way up t...
@kmanion/senpai (=1.0.0), be-more-hapi (=1.0.0-rc.1.1) +39 more potentially affected by CVE-2015-9243 via hapi (>=0.14.2 <=11.1.2)
hapi NPM version =0.14.2, =0.1.0-pre, =0.0.2, =0.0.7, =0.1.0, =0.1.0, =0.0.1, =0.0.4 - hapi-auth-passthrough =1.0.0 - hapi-exit =0.0.2 - hapi-mongoose-connect =1.0.0 - hapi-register-example =1.0.1 and more Source cves: CVE-2015-9243 Source advisory: OSV:GHSA-J3G2-M5JJ-6336...
Unsafe Merging of CORS Configuration Conflict in hapi
Versions of hapi prior to 11.1.4 are affected by a vulnerability that causes route-level CORS configuration to override connection-level or server-level CORS defaults. This may result in a situation where CORS permissions are less restrictive than intended. Recommendation: Update hapi to version...
GHSA-J3G2-M5JJ-6336 Unsafe Merging of CORS Configuration Conflict in hapi
Versions of hapi prior to 11.1.4 are affected by a vulnerability that causes route-level CORS configuration to override connection-level or server-level CORS defaults. This may result in a situation where CORS permissions are less restrictive than intended. Recommendation: Update hapi to version...
3nit-components (>=0.0.2 <=0.0.4), 3nit-utils (>=0.3.0 <=0.23.0) +1451 more potentially affected by CVE-2014-4671 via hapi (>=0.14.2 <=6.11.1)
hapi NPM version =0.14.2, =0.0.2, =0.3.0, =1.0.0, =1.16.0, =1.16.0, =1.16.0, =1.0.0, =0.0.1, =0.1.0, =0.9.0, =1.0.7, =0.0.1, =1.0.8, =11.1.27-alpha.4606607431 and more Source cves: CVE-2014-4671 Source advisory: OSV:GHSA-363H-VJ6Q-3CMJ...
Rosetta-Flash JSONP Vulnerability in hapi
This description is taken from the pull request provided by Patrick Kettner. Versions 6.1.0 and earlier of hapi are vulnerable to a Rosetta-Flash attack, which can be used by attackers to send data across domains and break the browser same-origin policy. Recommendation: Update hapi to version 6.1.1...
GHSA-363H-VJ6Q-3CMJ Rosetta-Flash JSONP Vulnerability in hapi
This description is taken from the pull request provided by Patrick Kettner. Versions 6.1.0 and earlier of hapi are vulnerable to a Rosetta-Flash attack, which can be used by attackers to send data across domains and break the browser same-origin policy. Recommendation: Update hapi to version 6.1.1...
am.ik.github:reactive-github-client (>=0.0.1 <=0.0.4), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.2.0) +218 more potentially affected by CVE-2018-15756 via org.springframework:spring-core (=5.0.0.RELEASE)
org.springframework:spring-core MAVEN version =5.0.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework:spring-core and may be impacted: - am.ik.github:reactive-github-client =0.0.1, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0,...