Hapijs Hapi
4 CVEs affecting Hapijs Hapi. Latest disclosed: 2018-06-04. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-16013 | High | 7.5 | 2018-06-04 | hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown… |
CVE-2015-9241 | High | 7.5 | 2018-05-29 | Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 e… |
CVE-2015-9243 | Medium | 5.9 | 2018-05-29 | When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included s… |
CVE-2015-9236 | Medium | 5.3 | 2018-05-31 | Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-… |