Filtered by vendor Hapijs
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3728 | 1 Hapijs | 1 Hoek | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
| CVE-2017-16013 | 1 Hapijs | 1 Hapi | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached. | |||||
| CVE-2015-9241 | 1 Hapijs | 1 Hapi | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes). | |||||