hapi — CVE history (npm)

hapi

4 CVEs affect the hapi npm package (highest CVSS 7.5). Latest disclosed: 2018-06-04. Full CVE history sourced from NVD.

Summary

Package
hapi (npm)
Total CVEs
4
Actively exploited (CISA KEV)
0
Highest CVSS
7.5
Latest disclosed
2018-06-04

Recent CVEs (top 4)

CVESeverityCVSSKEVPublishedSummary
CVE-2017-16013High7.52018-06-04hapi is a web and services application framework.
CVE-2015-9236Medium5.32018-05-31Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden.
CVE-2015-9243Medium5.92018-05-29When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security…
CVE-2015-9241High7.52018-05-29Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised.

All-time worst (top 4 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2017-16013High7.52018-06-04hapi is a web and services application framework.
CVE-2015-9241High7.52018-05-29Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised.
CVE-2015-9243Medium5.92018-05-29When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security…
CVE-2015-9236Medium5.32018-05-31Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden.