hapi — CVE history (npm)
hapi
4 CVEs affect the hapi npm package (highest CVSS 7.5). Latest disclosed: 2018-06-04. Full CVE history sourced from NVD.
Summary
- Package: hapi (npm)
- Total CVEs: 4
- Actively exploited (CISA KEV): 0
- Highest CVSS: 7.5
- Latest disclosed: 2018-06-04
Recent CVEs (top 4)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2017-16013 | High | 7.5 | — | 2018-06-04 | hapi is a web and services application framework. |
| CVE-2015-9236 | Medium | 5.3 | — | 2018-05-31 | Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. |
| CVE-2015-9243 | Medium | 5.9 | — | 2018-05-29 | When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security… |
| CVE-2015-9241 | High | 7.5 | — | 2018-05-29 | Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. |
All-time worst (top 4 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2017-16013 | High | 7.5 | — | 2018-06-04 | hapi is a web and services application framework. |
| CVE-2015-9241 | High | 7.5 | — | 2018-05-29 | Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. |
| CVE-2015-9243 | Medium | 5.9 | — | 2018-05-29 | When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security… |
| CVE-2015-9236 | Medium | 5.3 | — | 2018-05-31 | Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. |