Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package hapi, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2015-9241 — CVSS 7.5 (high): Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of…
CVE-2017-16013 — CVSS 7.5 (high): hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught…
CVE-2015-9243 — CVSS 5.9 (medium): When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher…
CVE-2015-9236 — CVSS 5.3 (medium): Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at…
CVE-2014-3742 — CVSS 5.0 (medium): The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor…
CVE-2014-4671 — CVSS 4.3 (medium): Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before…