Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Hapijs Security Vulnerabilities

cve
cve

CVE-2020-36604

hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone...

8.1CVSS

7.8AI Score

0.002EPSS

2022-09-23 06:15 AM
77
4
cve
cve

CVE-2023-25166

formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this...

6.5CVSS

6.3AI Score

0.001EPSS

2023-02-08 08:15 PM
31
cve
cve

CVE-2017-16025

Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to cookie. Submitting an invalid cookie on the websocket...

5.9CVSS

5.7AI Score

0.002EPSS

2018-06-04 07:29 PM
28
cve
cve

CVE-2017-16013

hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed accept-encoding header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is...

7.5CVSS

7.4AI Score

0.001EPSS

2018-06-04 07:29 PM
27
cve
cve

CVE-2015-9236

Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not...

5.3CVSS

5.2AI Score

0.001EPSS

2018-05-31 08:29 PM
26
cve
cve

CVE-2015-9241

Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2...

7.5CVSS

7.5AI Score

0.003EPSS

2018-05-29 08:29 PM
25
cve
cve

CVE-2015-9243

When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions...

5.9CVSS

5.6AI Score

0.001EPSS

2018-05-29 08:29 PM
26
cve
cve

CVE-2018-3728

hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an...

8.8CVSS

8.4AI Score

0.01EPSS

2018-03-30 07:29 PM
66