CVE-2015-9243

EPSS 0.17%

Unsafe Merging of CORS Configuration Conflict in hapi

發布日:2020/9/1修改日:2023/11/8

描述

Versions of `hapi` prior to 11.1.4 are affected by a vulnerability that causes route-level CORS configuration to override connection-level or server-level CORS defaults. This may result in a situation where CORS permissions are less restrictive than intended. ## Recommendation Update hapi to version 11.1.4 or later.

受影響套件(1)

npm/hapifrom 0, < 11.1.4

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-9243
WEBhttps://github.com/hapijs/hapi/issues/2980
WEBhttps://www.npmjs.com/advisories/65