CVE-2017-16013

HIGH7.5EPSS 0.33%

Denial of Service via malformed accept-encoding header in hapi

發布日:2018/10/9修改日:2023/11/8

描述

Affected versions of `hapi` will crash or lock the event loop when a malformed `accept-encoding` header is recieved. ## Recommendation Update to version 16.1.1 or later.

受影響套件(1)

npm/hapi>= 15.0.0, < 16.1.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(4)

ADVISORYhttps://github.com/advisories/GHSA-cqjg-whmm-8gv6
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-16013
WEBhttps://github.com/hapijs/hapi/issues/3466
WEBhttps://www.npmjs.com/advisories/335