GitHub Advisory Database: GHSA-CQR7-78PJ-3G7J
Oct 24, 2017 - 6:33 p.m.

File Descriptor Leak Can Cause DoS Vulnerability in hapi

2017-10-24 18:33:36
CWE-400
GitHub Advisory Database
github.com
16

CVSS2: 5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.009 Low
Percentile: 82.5%

Versions 2.0.x and 2.1.x of hapi are vulnerable to a denial of service attack via a file descriptor leak.

When triggered repeatedly, this leak will cause the server to run out of file descriptors and the node process to die. The effort required to take down a server depends on the process file descriptor limit. No other side effects or exploits have been identified.
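A monitoring sketch for the exhaustion described above, added here and not taken from the advisory or from hapi: it compares a Linux process's open descriptor count with its soft limit and flags steady growth. The function names, thresholds and the sample limits text are assumptions constructed for illustration.

```javascript
// Added example: file-descriptor headroom check for a Node process on Linux.
// The sample input is constructed; its layout follows /proc/<pid>/limits.

// Extract the soft "Max open files" limit from /proc/<pid>/limits text.
function parseMaxOpenFiles(limitsText) {
  for (const line of limitsText.split('\n')) {
    if (!line.startsWith('Max open files')) continue;
    const soft = line.slice('Max open files'.length).trim().split(/\s+/)[0];
    return soft === 'unlimited' ? Infinity : Number.parseInt(soft, 10);
  }
  return null; // line missing: the caller must treat the limit as unknown
}

// Classify usage against the limit. warnRatio is a hypothetical alert threshold.
function fdStatus(openCount, softLimit, warnRatio = 0.8) {
  if (softLimit === null || Number.isNaN(softLimit)) return 'unknown';
  if (softLimit === Infinity) return 'ok';
  const ratio = openCount / softLimit;
  if (ratio >= 1) return 'exhausted';
  return ratio >= warnRatio ? 'warn' : 'ok';
}

// A leak shows up as a count that never drops between fixed-interval samples.
// minGrowth (hypothetical) filters out flat or slowly drifting series.
function looksLikeLeak(samples, minGrowth = 50) {
  if (samples.length < 3) return false;
  for (let i = 1; i < samples.length; i++) {
    if (samples[i] < samples[i - 1]) return false;
  }
  return samples[samples.length - 1] - samples[0] >= minGrowth;
}

// Live read for a running process (Linux only); not used by the demo below.
function readFdState(pid) {
  const fs = require('fs');
  const open = fs.readdirSync(`/proc/${pid}/fd`).length;
  const limit = parseMaxOpenFiles(fs.readFileSync(`/proc/${pid}/limits`, 'utf8'));
  return { open, limit, status: fdStatus(open, limit) };
}

// Constructed, abridged sample of /proc/<pid>/limits.
const SAMPLE_LIMITS = [
  'Limit                     Soft Limit           Hard Limit           Units',
  'Max open files            1024                 4096                 files',
].join('\n');

const sampleLimit = parseMaxOpenFiles(SAMPLE_LIMITS);
console.log(sampleLimit, fdStatus(900, sampleLimit), looksLikeLeak([120, 340, 610, 900]));
```
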

Recommendation

  • Please upgrade to version 2.2.x or above as soon as possible.

Affected configurations

Vulners
Node
fhirhapi_fhir | Range | <2.2.0

CPE Name | Operator | Version
hapi | lt | 2.2.0
