CVE-2014-7193

CVE-2014-7193 affects the Crumb plugin for Node.js prior to 3.0.0. When a hapi route has CORS enabled, token access is not properly restricted, potentially allowing remote attackers to obtain sensitive information and possibly spoof requests to non-CORS routes via a crafted site visited by an app...