CVE-2017-16013

The CVE-2017-16013 entry concerns the hapi web framework for Node.js. Affected versions are 15.0.0 through 16.1.0, where receiving a malformed accept-encoding header can trigger an uncaught exception, causing the hapi process to crash or the client connection to hang until timeout. This has been ...

CVE-2015-9236

CVE-2015-9236 concerns Hapi (Node.js framework) versions

CVE-2015-9241

Affected software: hapi node module (Node.js) prior to version 11.1.3. Root cause: certain inputs in If-Modified-Since or Last-Modified headers cause an 'illegal access' exception, leading hapi to keep the socket open instead of returning HTTP 500, effectively a denial of service. Impact: potenti...

CVE-2015-9243

CVE-2015-9243 affects the hapi Node.js framework prior to version 11.1.4, where merging server/connection/route-level CORS configurations could cause security restrictions (e.g., origin) to be overridden by less restrictive defaults (origin → *). This confluence creates weaker CORS controls than ...