CVE-2015-9241

描述

Versions of `hapi` prior to 11.1.3 are affected by a denial of service vulnerability. The vulnerability is triggered when certain input is passed into the If-Modified-Since or Last-Modified headers. This causes an 'illegal access' exception to be raised, and instead of sending a HTTP 500 error back to the sender, hapi will continue to hold the socket open until timed out (default node timeout is 2 minutes). ## Recommendation Update to v11.1.3 or later

受影響套件(1)

• npm/hapifrom 0, < 11.1.3

參考連結(5)

• ADVISORYhttps://github.com/advisories/GHSA-rc8h-3fv6-pxv8
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-9241
• WEBhttps://github.com/hapijs/hapi/commit/aab2496e930dce5ee1ab28eecec94e0e45f03580
• WEBhttps://github.com/jfhbrook/node-ecstatic/pull/179
• WEBhttps://www.npmjs.com/advisories/63