Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozZzItbTVqai02MzM2
Unsafe Merging of CORS Configuration Conflict in hapi
Versions of hapi prior to 11.1.4 are affected by a vulnerability that causes route-level CORS configuration to override connection-level or server-level CORS defaults. This may result in a situation where CORS permissions are less restrictive than intended.
Recommendation
Update hapi to version 11.1.4 or later.
Permalink: https://github.com/advisories/GHSA-j3g2-m5jj-6336JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozZzItbTVqai02MzM2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 3 years ago
Updated: over 1 year ago
Identifiers: GHSA-j3g2-m5jj-6336, CVE-2015-9243
References:
- https://github.com/hapijs/hapi/issues/2980
- https://www.npmjs.com/advisories/65
- https://nvd.nist.gov/vuln/detail/CVE-2015-9243
- https://github.com/advisories/GHSA-j3g2-m5jj-6336
Blast Radius: 0.0
Affected Packages
npm:hapi
Dependent packages: 2,534Dependent repositories: 32,983
Downloads: 183,007 last month
Affected Version Ranges: < 11.1.4
Fixed in: 11.1.4
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.9.0, 0.9.1, 0.9.2, 0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.12.0, 0.13.0, 0.13.1, 0.13.2, 0.13.3, 0.14.0, 0.14.1, 0.14.2, 0.15.0, 0.15.1, 0.15.2, 0.15.3, 0.15.4, 0.15.5, 0.15.6, 0.15.7, 0.15.8, 0.15.9, 0.16.0, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.10.0, 1.11.0, 1.11.1, 1.12.0, 1.13.0, 1.14.0, 1.15.0, 1.16.0, 1.16.1, 1.17.0, 1.18.0, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.19.4, 1.19.5, 1.20.0, 2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 5.0.0, 5.1.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.2.0, 6.2.1, 6.2.2, 6.3.0, 6.4.0, 6.5.0, 6.5.1, 6.6.0, 6.7.0, 6.7.1, 6.8.0, 6.8.1, 6.9.0, 6.10.0, 6.11.0, 6.11.1, 7.0.0, 7.0.1, 7.1.0, 7.1.1, 7.2.0, 7.3.0, 7.4.0, 7.5.0, 7.5.1, 7.5.2, 7.5.3, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.6.0, 8.6.1, 8.8.0, 8.8.1, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.1.0, 9.2.0, 9.3.0, 9.3.1, 9.5.1, 10.0.0, 10.0.1, 10.1.0, 10.2.1, 10.4.0, 10.4.1, 10.5.0, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 11.1.0, 11.1.1, 11.1.2, 11.1.3
All unaffected versions: 11.1.4, 12.0.0, 12.0.1, 12.1.0, 13.0.0, 13.1.0, 13.2.0, 13.2.1, 13.2.2, 13.3.0, 13.4.0, 13.4.1, 13.4.2, 13.5.0, 13.5.3, 14.0.0, 14.1.0, 14.2.0, 15.0.1, 15.0.2, 15.0.3, 15.1.0, 15.1.1, 15.2.0, 16.0.0, 16.0.1, 16.0.2, 16.0.3, 16.1.0, 16.1.1, 16.2.0, 16.3.0, 16.3.1, 16.4.0, 16.4.1, 16.4.2, 16.4.3, 16.5.0, 16.5.1, 16.5.2, 16.6.0, 16.6.1, 16.6.2, 16.6.3, 16.6.4, 16.6.5, 16.7.0, 16.8.4, 17.0.0, 17.0.1, 17.0.2, 17.1.0, 17.1.1, 17.2.0, 17.2.1, 17.2.2, 17.2.3, 17.3.0, 17.3.1, 17.4.0, 17.5.0, 17.5.1, 17.5.2, 17.5.3, 17.5.4, 17.5.5, 17.6.0, 17.6.1, 17.6.2, 17.6.3, 17.6.4, 17.7.0, 17.8.0, 17.8.1, 17.8.2, 17.8.3, 17.8.4, 17.8.5, 18.0.0, 18.0.1, 18.1.0