CVE-2015-9243

EPSS 0.17%

Unsafe Merging of CORS Configuration Conflict in hapi

Published: 9/1/2020Modified: 11/8/2023

Description

Versions of `hapi` prior to 11.1.4 are affected by a vulnerability that causes route-level CORS configuration to override connection-level or server-level CORS defaults. This may result in a situation where CORS permissions are less restrictive than intended. ## Recommendation Update hapi to version 11.1.4 or later.

Affected packages (1)

npm/hapifrom 0, < 11.1.4

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-9243
WEBhttps://github.com/hapijs/hapi/issues/2980
WEBhttps://www.npmjs.com/advisories/65