When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`).
oryginał ENCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NHapijs Hapi
APPHapijs< 11.1.4
Powiązane podatności
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept...
Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' except...
Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned...
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MA...