File Descriptor Leak Can Cause DoS Vulnerabilityhapi
Versions 2.0.x and 2.1.x of hapi are vulnerable to a denial of service attack via a file descriptor leak.
When triggered repeatedly, this leak will cause the server to run out of file descriptors and the node process to die. The effort required to take down a server depends on the process file descriptor limit. No other side effects or exploits have been identified.
- Please upgrade to version 2.2.x or above as soon as possible.
reportedInitial report by Jo LissOct 17th, 2015
publishedAdvisory publishedFeb 14th, 2014