HIGH🇬🇧 English

CVE-2017-16013

CVSS 7.5v3.0pub. 2018-06-04upd. 2024-11-21

hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Hapijs Hapi

    APP
    Hapijs
    15.0.0 – 16.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2015-9241HIGH7.5ten sam produkt

Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' except...

CVE-2015-9236MEDIUM5.3ten sam produkt

Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned...

CVE-2015-9243MEDIUM5.9ten sam produkt

When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are c...

CVE-2020-36604HIGH8.1ten sam vendor

hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.

CVE-2018-3728HIGH8.8ten sam vendor

hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MA...