NodeJS/hapi/15.0.3
HTTP Server framework
https://www.npmjs.com/package/hapi
BSD-3-Clause
3 Security Vulnerabilities
Denial of Service in hapi
Published date: 2020-09-03T15:48:00Z
All Versions of hapi are vulnerable to Denial of Service. The CORS request handler has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. If no unhandled exception handler is available, the application will exist, allowing an attacker to shut down services.
Recommendation
This package is deprecated and is now maintained as @hapi/hapi. Please update your dependencies to use @hapi/hapi.
Affected versions:
["0.0.1", "0.0.2", "0.0.3", "0.0.4", "0.0.5", "0.0.6", "0.1.0", "0.1.1", "0.1.2", "0.1.3", "0.2.0", "0.2.1", "0.3.0", "0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.4.4", "0.5.0", "0.5.1", "0.6.0", "0.6.1", "0.5.2", "0.7.0", "0.7.1", "0.8.0", "0.8.1", "0.8.2", "0.8.3", "0.8.4", "0.9.0", "0.9.1", "0.9.2", "0.10.0", "0.10.1", "0.11.0", "0.11.1", "0.11.2", "0.11.3", "0.12.0", "0.13.0", "0.13.1", "0.13.2", "0.11.4", "0.13.3", "0.14.0", "0.14.1", "0.14.2", "0.15.0", "0.15.1", "0.15.2", "0.15.3", "0.15.4", "0.15.5", "0.15.6", "0.15.7", "0.15.8", "0.15.9", "0.16.0", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.1.0", "1.2.0", "1.3.0", "1.4.0", "1.5.0", "1.6.0", "1.6.1", "1.6.2", "1.7.0", "1.7.1", "1.7.2", "1.7.3", "1.8.0", "1.8.1", "1.8.2", "1.8.3", "1.9.0", "1.9.1", "1.9.2", "1.9.3", "1.9.4", "1.9.5", "1.9.6", "1.9.7", "1.10.0", "1.11.0", "1.11.1", "1.12.0", "1.13.0", "1.14.0", "1.15.0", "1.16.0", "1.16.1", "1.17.0", "1.18.0", "1.19.0", "1.19.1", "1.19.2", "1.19.3", "1.19.4", "1.19.5", "1.20.0", "2.0.0-preview", "0.5.1-a", "0.5.1-b", "0.5.1-b2", "0.5.1-c", "2.0.0", "2.1.0", "2.1.1", "2.1.2", "2.2.0", "2.3.0", "2.4.0", "2.5.0", "2.6.0", "3.0.0", "3.0.1", "3.0.2", "3.1.0", "4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.1.0", "4.1.1", "4.1.2", "4.1.3", "4.1.4", "5.0.0", "5.1.0", "6.0.0", "6.0.1", "6.0.2", "6.1.0", "6.2.0", "6.2.1", "6.2.2", "6.3.0", "6.4.0", "6.5.0", "6.5.1", "6.6.0", "6.7.0", "6.7.1", "6.8.0", "6.8.1", "6.9.0", "6.10.0", "6.11.0", "6.11.1", "7.0.0", "7.0.1", "7.1.0", "7.1.1", "7.2.0", "7.3.0", "7.4.0", "7.5.0", "7.5.1", "7.5.2", "8.0.0", "7.5.3", "8.1.0", "8.2.0", "8.3.0", "8.3.1", "8.4.0", "8.5.0", "8.5.1", "8.5.2", "8.5.3", "8.6.0", "8.6.1", "8.8.0", "8.8.1", "9.0.0", "9.0.1", "9.0.2", "9.0.3", "9.0.4", "9.1.0", "9.2.0", "9.3.0", "9.3.1", "10.0.0", "10.0.1", "10.1.0", "10.2.1", "10.4.0", "10.4.1", "10.5.0", "11.0.0", "11.0.1", "11.0.2", "11.0.3", "11.0.4", "11.0.5", "11.1.0", "11.1.1", "11.1.2", "11.1.3", "11.1.4", "12.0.0", "12.0.1", "12.1.0", "9.5.1", "13.0.0", "13.1.0", "13.2.0", "13.2.1", "13.2.2", "13.3.0", "13.4.0", "13.4.1", "13.4.2", "13.5.0", "14.0.0", "13.5.3", "14.1.0", "14.2.0", "15.0.1", "15.0.2", "15.0.3", "15.1.0", "15.1.1", "15.2.0", "16.0.0", "16.0.1", "16.0.2", "16.0.3", "16.1.0", "16.1.1", "16.2.0", "16.3.0", "16.3.1", "16.4.0", "16.4.1", "16.4.2", "16.4.3", "16.5.0", "16.5.1", "16.5.2", "16.6.0", "16.6.1", "16.6.2", "17.0.0-rc1", "17.0.0-rc2", "17.0.0-rc3", "17.0.0-rc4", "17.0.0-rc6", "17.0.0-rc8", "17.0.0-rc9", "17.0.0-rc10", "17.0.0", "17.0.1", "17.0.2", "17.1.0", "17.1.1", "17.2.0", "17.2.1", "16.6.3", "17.2.2", "17.2.3", "17.3.0", "17.3.1", "17.4.0", "17.5.0", "17.5.1", "17.5.2", "17.5.3", "17.5.4", "17.5.5", "17.6.0", "17.6.1", "17.6.2", "17.6.3", "16.6.4", "17.6.4", "16.6.5", "17.7.0", "16.7.0", "17.8.0", "17.8.1", "18.0.0", "17.8.2", "17.8.3", "18.0.1", "17.8.4", "18.1.0", "17.8.5", "16.8.4"]
Secure versions:
[]
Denial of Service via malformed accept-encoding header in hapi
Published date: 2018-10-09T00:57:28Z
CVE: CVE-2017-16013
Links:
Affected versions of hapi will crash or lock the event loop when a malformed accept-encoding header is recieved.
Recommendation
Update to version 16.1.1 or later.
Affected versions:
["15.0.1", "15.0.2", "15.0.3", "15.1.0", "15.1.1", "15.2.0", "16.0.0", "16.0.1", "16.0.2", "16.0.3", "16.1.0"]
Secure versions:
[]
Denial of Service via malformed accept-encoding header
Published date: 2017-04-05
CVSS Score: 5.3
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Coordinating vendor: ^Lift Security
hapi is a web and services application framework.
When hapi encounters a malformed accept-encoding header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached.
Affected versions:
["15.0.1", "15.0.2", "15.0.3", "15.1.0", "15.1.1", "15.2.0", "16.0.0", "16.0.1", "16.0.2", "16.0.3", "16.1.0"]
Secure versions:
[]
Recommendation:
Upgrade to hapi 16.1.1 or greater.
295 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 18.1.0 | BSD-3-Clause | 1 | 2019-02-04 - 21:52 | about 5 years |
| 18.0.1 | BSD-3-Clause | 1 | 2019-01-31 - 20:14 | about 5 years |
| 18.0.0 | BSD-3-Clause | 1 | 2019-01-18 - 20:07 | over 5 years |
| 17.8.5 | BSD-3-Clause | 1 | 2019-03-19 - 01:21 | about 5 years |
| 17.8.4 | BSD-3-Clause | 1 | 2019-02-04 - 21:33 | about 5 years |
| 17.8.3 | BSD-3-Clause | 1 | 2019-01-31 - 20:11 | about 5 years |
| 17.8.2 | BSD-3-Clause | 1 | 2019-01-31 - 20:02 | about 5 years |
| 17.8.1 | BSD-3-Clause | 1 | 2018-11-23 - 04:19 | over 5 years |
| 17.8.0 | BSD-3-Clause | 1 | 2018-11-23 - 03:11 | over 5 years |
| 17.7.0 | BSD-3-Clause | 1 | 2018-11-06 - 00:50 | over 5 years |
| 17.6.4 | BSD-3-Clause | 1 | 2018-11-03 - 04:32 | over 5 years |
| 17.6.3 | BSD-3-Clause | 1 | 2018-11-02 - 17:56 | over 5 years |
| 17.6.2 | BSD-3-Clause | 1 | 2018-11-01 - 22:31 | over 5 years |
| 17.6.1 | BSD-3-Clause | 1 | 2018-11-01 - 22:26 | over 5 years |
| 17.6.0 | BSD-3-Clause | 1 | 2018-09-25 - 07:55 | over 5 years |
| 17.5.5 | BSD-3-Clause | 1 | 2018-09-23 - 06:01 | over 5 years |
| 17.5.4 | BSD-3-Clause | 1 | 2018-08-28 - 07:46 | over 5 years |
| 17.5.3 | BSD-3-Clause | 1 | 2018-08-02 - 00:17 | over 5 years |
| 17.5.2 | BSD-3-Clause | 1 | 2018-06-24 - 04:17 | almost 6 years |
| 17.5.1 | BSD-3-Clause | 1 | 2018-05-30 - 15:18 | almost 6 years |
| 17.5.0 | BSD-3-Clause | 1 | 2018-05-21 - 17:59 | almost 6 years |
| 17.4.0 | BSD-3-Clause | 1 | 2018-04-29 - 00:44 | almost 6 years |
| 17.3.1 | BSD-3-Clause | 1 | 2018-04-02 - 19:18 | about 6 years |
| 17.3.0 | BSD-3-Clause | 1 | 2018-03-31 - 00:33 | about 6 years |
| 17.2.3 | BSD-3-Clause | 1 | 2018-03-16 - 05:38 | about 6 years |
| 17.2.2 | BSD-3-Clause | 1 | 2018-03-07 - 09:17 | about 6 years |
| 17.2.1 | BSD-3-Clause | 1 | 2018-03-01 - 09:45 | about 6 years |
| 17.2.0 | BSD-3-Clause | 1 | 2017-12-20 - 06:31 | over 6 years |
| 17.1.1 | BSD-3-Clause | 1 | 2017-11-23 - 19:08 | over 6 years |
| 17.1.0 | BSD-3-Clause | 1 | 2017-11-23 - 09:46 | over 6 years |
| 17.0.2 | BSD-3-Clause | 1 | 2017-11-21 - 07:25 | over 6 years |
| 17.0.1 | BSD-3-Clause | 1 | 2017-11-05 - 08:55 | over 6 years |
| 17.0.0 | BSD-3-Clause | 1 | 2017-11-03 - 22:30 | over 6 years |
| 17.0.0-rc10 | BSD-3-Clause | 1 | 2017-11-03 - 09:52 | over 6 years |
| 17.0.0-rc9 | BSD-3-Clause | 1 | 2017-10-22 - 08:56 | over 6 years |
| 17.0.0-rc8 | BSD-3-Clause | 1 | 2017-10-18 - 09:30 | over 6 years |
| 17.0.0-rc6 | BSD-3-Clause | 1 | 2017-10-07 - 09:42 | over 6 years |
| 17.0.0-rc4 | BSD-3-Clause | 1 | 2017-10-06 - 23:19 | over 6 years |
| 17.0.0-rc3 | BSD-3-Clause | 1 | 2017-10-06 - 09:13 | over 6 years |
| 17.0.0-rc2 | BSD-3-Clause | 1 | 2017-10-02 - 20:11 | over 6 years |
| 17.0.0-rc1 | BSD-3-Clause | 1 | 2017-09-28 - 19:24 | over 6 years |
| 16.8.4 | SEE LICENSE IN LICENSE.md | 1 | 2024-01-06 - 10:28 | 4 months |
| 16.7.0 | BSD-3-Clause | 1 | 2018-11-06 - 03:27 | over 5 years |
| 16.6.5 | BSD-3-Clause | 1 | 2018-11-05 - 22:47 | over 5 years |
| 16.6.4 | BSD-3-Clause | 1 | 2018-11-02 - 21:52 | over 5 years |
| 16.6.3 | BSD-3-Clause | 1 | 2018-03-01 - 09:54 | about 6 years |
| 16.6.2 | BSD-3-Clause | 1 | 2017-09-25 - 20:37 | over 6 years |
| 16.6.1 | BSD-3-Clause | 1 | 2017-09-24 - 17:34 | over 6 years |
| 16.6.0 | BSD-3-Clause | 1 | 2017-09-12 - 19:36 | over 6 years |
| 16.5.2 | BSD-3-Clause | 1 | 2017-08-04 - 05:01 | over 6 years |
| 16.5.1 | BSD-3-Clause | 1 | 2017-08-04 - 00:11 | over 6 years |
| 16.5.0 | BSD-3-Clause | 1 | 2017-07-20 - 08:38 | almost 7 years |
| 16.4.3 | BSD-3-Clause | 1 | 2017-06-09 - 18:33 | almost 7 years |
| 16.4.2 | BSD-3-Clause | 1 | 2017-06-08 - 07:06 | almost 7 years |
| 16.4.1 | BSD-3-Clause | 1 | 2017-06-05 - 17:27 | almost 7 years |
| 16.4.0 | BSD-3-Clause | 1 | 2017-06-05 - 08:13 | almost 7 years |
| 16.3.1 | BSD-3-Clause | 1 | 2017-06-05 - 03:22 | almost 7 years |
| 16.3.0 | BSD-3-Clause | 1 | 2017-05-30 - 20:47 | almost 7 years |
| 16.2.0 | BSD-3-Clause | 1 | 2017-05-29 - 09:41 | almost 7 years |
| 16.1.1 | BSD-3-Clause | 1 | 2017-03-31 - 20:13 | about 7 years |
| 16.1.0 | BSD-3-Clause | 3 | 2016-12-29 - 22:03 | over 7 years |
| 16.0.3 | BSD-3-Clause | 3 | 2016-12-29 - 08:21 | over 7 years |
| 16.0.2 | BSD-3-Clause | 3 | 2016-12-19 - 08:38 | over 7 years |
| 16.0.1 | BSD-3-Clause | 3 | 2016-12-01 - 19:03 | over 7 years |
| 16.0.0 | BSD-3-Clause | 3 | 2016-11-30 - 00:40 | over 7 years |
| 15.2.0 | BSD-3-Clause | 3 | 2016-10-20 - 17:13 | over 7 years |
| 15.1.1 | BSD-3-Clause | 3 | 2016-09-27 - 20:58 | over 7 years |
| 15.1.0 | BSD-3-Clause | 3 | 2016-09-27 - 00:02 | over 7 years |
| 15.0.3 | BSD-3-Clause | 3 | 2016-09-01 - 00:07 | over 7 years |
| 15.0.2 | BSD-3-Clause | 3 | 2016-08-28 - 21:48 | over 7 years |
| 15.0.1 | BSD-3-Clause | 3 | 2016-08-26 - 23:44 | over 7 years |
| 14.2.0 | BSD-3-Clause | 1 | 2016-08-13 - 20:38 | over 7 years |
| 14.1.0 | BSD-3-Clause | 1 | 2016-08-01 - 19:28 | over 7 years |
| 14.0.0 | BSD-3-Clause | 1 | 2016-07-29 - 18:28 | over 7 years |
| 13.5.3 | BSD-3-Clause | 1 | 2016-07-29 - 18:57 | over 7 years |
| 13.5.0 | BSD-3-Clause | 1 | 2016-07-06 - 03:56 | almost 8 years |
| 13.4.2 | BSD-3-Clause | 1 | 2016-07-04 - 04:31 | almost 8 years |
| 13.4.1 | BSD-3-Clause | 1 | 2016-05-21 - 08:11 | almost 8 years |
| 13.4.0 | BSD-3-Clause | 1 | 2016-05-07 - 21:32 | almost 8 years |
| 13.3.0 | BSD-3-Clause | 1 | 2016-04-02 - 17:22 | about 8 years |
| 13.2.2 | BSD-3-Clause | 1 | 2016-03-25 - 16:50 | about 8 years |
| 13.2.1 | BSD-3-Clause | 1 | 2016-03-11 - 06:11 | about 8 years |
| 13.2.0 | BSD-3-Clause | 1 | 2016-03-11 - 06:07 | about 8 years |
| 13.1.0 | BSD-3-Clause | 1 | 2016-03-10 - 01:50 | about 8 years |
| 13.0.0 | BSD-3-Clause | 1 | 2016-02-01 - 08:16 | about 8 years |
| 12.1.0 | BSD-3-Clause | 1 | 2016-01-09 - 22:38 | over 8 years |
| 12.0.1 | BSD-3-Clause | 1 | 2016-01-06 - 19:32 | over 8 years |
| 12.0.0 | BSD-3-Clause | 1 | 2016-01-04 - 23:10 | over 8 years |
| 11.1.4 | BSD-3-Clause | 1 | 2015-12-27 - 16:15 | over 8 years |
| 11.1.3 | BSD-3-Clause | 3 | 2015-12-23 - 21:52 | over 8 years |
| 11.1.2 | BSD-3-Clause | 5 | 2015-11-21 - 22:30 | over 8 years |
| 11.1.1 | BSD-3-Clause | 5 | 2015-11-14 - 17:39 | over 8 years |
| 11.1.0 | BSD-3-Clause | 5 | 2015-11-05 - 08:51 | over 8 years |
| 11.0.5 | BSD-3-Clause | 5 | 2015-11-03 - 20:53 | over 8 years |
| 11.0.4 | BSD-3-Clause | 5 | 2015-11-03 - 08:14 | over 8 years |
| 11.0.3 | BSD-3-Clause | 5 | 2015-10-30 - 06:09 | over 8 years |
| 11.0.2 | BSD-3-Clause | 5 | 2015-10-21 - 15:42 | over 8 years |
| 11.0.1 | BSD-3-Clause | 5 | 2015-10-20 - 04:47 | over 8 years |
| 11.0.0 | BSD-3-Clause | 5 | 2015-10-16 - 19:30 | over 8 years |
| 10.5.0 | BSD-3-Clause | 7 | 2015-10-15 - 16:00 | over 8 years |