CVE-2017-16013

HIGH7.5EPSS 0.33%

Denial of Service via malformed accept-encoding header in hapi

Published: 10/9/2018Modified: 11/8/2023

Description

Affected versions of `hapi` will crash or lock the event loop when a malformed `accept-encoding` header is recieved. ## Recommendation Update to version 16.1.1 or later.

Affected packages (1)

npm/hapi>= 15.0.0, < 16.1.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (4)

ADVISORYhttps://github.com/advisories/GHSA-cqjg-whmm-8gv6
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-16013
WEBhttps://github.com/hapijs/hapi/issues/3466
WEBhttps://www.npmjs.com/advisories/335