Описание
File Descriptor Leak Can Cause DoS Vulnerability in hapi
Versions 2.0.x and 2.1.x of hapi are vulnerable to a denial of service attack via a file descriptor leak.
When triggered repeatedly, this leak will cause the server to run out of file descriptors and the node process to die. The effort required to take down a server depends on the process file descriptor limit. No other side effects or exploits have been identified.
Recommendation
- Please upgrade to version 2.2.x or above as soon as possible.
Пакеты
Наименование
hapi
npm
Затронутые версииВерсия исправления
>= 2.0.0, < 2.2.0
2.2.0
Связанные уязвимости
nvd
больше 11 лет назад
The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors.