Описание
Denial of Service via malformed accept-encoding header in hapi
Affected versions of hapi will crash or lock the event loop when a malformed accept-encoding header is recieved.
Recommendation
Update to version 16.1.1 or later.
Пакеты
Наименование
hapi
npm
Затронутые версииВерсия исправления
>= 15.0.0, <= 16.1.0
16.1.1
Связанные уязвимости
CVSS3: 7.5
nvd
больше 7 лет назад
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached.