Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to `cookie`. Submitting an invalid cookie on the websocket upgrade request will cause the node process to error out.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HHapijs Nes
APPHapijs≤ 6.4.0
Related vulnerabilities
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept...
Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' except...
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MA...
Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned...