November Perfect Moustache
hapi

Unsafe Merging of CORS Configuration Conflict

Severity: moderate

Overview

Versions of hapi prior to 11.1.4 are affected by a vulnerability that causes route-level CORS configuration to override connection-level or server-level CORS defaults. This may result in a situation where CORS permissions are less restrictive than intended.

Remediation

Update hapi to version 11.1.4 or later.

Vulnerable versions

0.0.1
7 years ago
0.0.2
7 years ago
0.0.3
7 years ago
0.0.4
7 years ago
0.0.5
7 years ago
0.0.6
7 years ago
0.1.0
7 years ago
0.1.1
7 years ago
0.1.2
7 years ago
0.1.3
6 years ago
0.2.0
6 years ago
0.2.1
6 years ago
0.3.0
6 years ago
0.4.0
6 years ago
0.4.1
6 years ago
0.4.2
6 years ago
0.4.3
6 years ago
0.4.4
6 years ago
0.5.0
6 years ago
0.5.1
6 years ago
0.6.0
6 years ago
0.6.1
6 years ago
0.5.2
6 years ago
0.7.0
6 years ago
0.7.1
6 years ago
0.8.0
6 years ago
0.8.1
6 years ago
0.8.2
6 years ago
0.8.3
6 years ago
0.8.4
6 years ago
0.9.0
6 years ago
0.9.1
6 years ago
0.9.2
6 years ago
0.10.0
6 years ago
0.10.1
6 years ago
0.11.0
6 years ago
0.11.1
6 years ago
0.11.2
6 years ago
0.11.3
6 years ago
0.12.0
6 years ago
0.13.0
6 years ago
0.13.1
6 years ago
0.13.2
6 years ago
0.11.4
5 years ago
0.13.3
5 years ago
0.14.0
5 years ago
0.14.1
5 years ago
0.14.2
5 years ago
0.15.0
5 years ago
0.15.1
5 years ago
0.15.2
5 years ago
0.15.3
5 years ago
0.15.4
5 years ago
0.15.5
5 years ago
0.15.6
5 years ago
0.15.7
5 years ago
0.15.8
5 years ago
0.15.9
5 years ago
0.16.0
5 years ago
1.0.0
5 years ago
1.0.1
5 years ago
1.0.2
5 years ago
1.0.3
5 years ago
1.1.0
5 years ago
1.2.0
5 years ago
1.3.0
5 years ago
1.4.0
5 years ago
1.5.0
5 years ago
1.6.0
5 years ago
1.6.1
5 years ago
1.6.2
5 years ago
1.7.0
5 years ago
1.7.1
5 years ago
1.7.2
5 years ago
1.7.3
5 years ago
1.8.0
5 years ago
1.8.1
5 years ago
1.8.2
5 years ago
1.8.3
5 years ago
1.9.0
5 years ago
1.9.1
5 years ago
1.9.2
5 years ago
1.9.3
5 years ago
1.9.4
5 years ago
1.9.5
5 years ago
1.9.6
5 years ago
1.9.7
5 years ago
1.10.0
5 years ago
1.11.0
5 years ago
1.11.1
5 years ago
1.12.0
5 years ago
1.13.0
5 years ago
1.14.0
5 years ago
1.15.0
5 years ago
1.16.0
5 years ago
1.16.1
5 years ago
1.17.0
5 years ago
1.18.0
5 years ago
1.19.0
5 years ago
1.19.1
5 years ago
1.19.2
5 years ago
1.19.3
5 years ago
1.19.4
5 years ago
1.19.5
5 years ago
1.20.0
5 years ago
2.0.0
5 years ago
2.1.0
5 years ago
2.1.1
5 years ago
2.1.2
5 years ago
2.2.0
5 years ago
2.3.0
5 years ago
2.4.0
4 years ago
2.5.0
4 years ago
2.6.0
4 years ago
3.0.0
4 years ago
3.0.1
4 years ago
3.0.2
4 years ago
3.1.0
4 years ago
4.0.0
4 years ago
4.0.1
4 years ago
4.0.2
4 years ago
4.0.3
4 years ago
4.1.0
4 years ago
4.1.1
4 years ago
4.1.2
4 years ago
4.1.3
4 years ago
4.1.4
4 years ago
5.0.0
4 years ago
5.1.0
4 years ago
6.0.0
4 years ago
6.0.1
4 years ago
6.0.2
4 years ago
6.1.0
4 years ago
6.2.0
4 years ago
6.2.1
4 years ago
6.2.2
4 years ago
6.3.0
4 years ago
6.4.0
4 years ago
6.5.0
4 years ago
6.5.1
4 years ago
6.6.0
4 years ago
6.7.0
4 years ago
6.7.1
4 years ago
6.8.0
4 years ago
6.8.1
4 years ago
6.9.0
4 years ago
6.10.0
4 years ago
6.11.0
4 years ago
6.11.1
4 years ago
7.0.0
4 years ago
7.0.1
4 years ago
7.1.0
4 years ago
7.1.1
4 years ago
7.2.0
4 years ago
7.3.0
4 years ago
7.4.0
4 years ago
7.5.0
4 years ago
7.5.1
4 years ago
7.5.2
4 years ago
8.0.0
4 years ago
7.5.3
4 years ago
8.1.0
4 years ago
8.2.0
4 years ago
8.3.0
3 years ago
8.3.1
3 years ago
8.4.0
3 years ago
8.5.0
3 years ago
8.5.1
3 years ago
8.5.2
3 years ago
8.5.3
3 years ago
8.6.0
3 years ago
8.6.1
3 years ago
8.8.0
3 years ago
8.8.1
3 years ago
9.0.0
3 years ago
9.0.1
3 years ago
9.0.2
3 years ago
9.0.3
3 years ago
9.0.4
3 years ago
9.1.0
3 years ago
9.2.0
3 years ago
9.3.0
3 years ago
9.3.1
3 years ago
10.0.0
3 years ago
10.0.1
3 years ago
10.1.0
3 years ago
10.2.0
3 years ago
10.2.1
3 years ago
10.3.0
3 years ago
10.4.0
3 years ago
10.4.1
3 years ago
10.5.0
3 years ago
11.0.0
3 years ago
11.0.1
3 years ago
11.0.2
3 years ago
11.0.3
3 years ago
11.0.4
3 years ago
11.0.5
3 years ago
11.1.0
3 years ago
11.1.1
3 years ago
11.1.2
3 years ago
11.1.3
3 years ago
9.5.1
3 years ago

Unaffected versions

2.0.0-preview
5 years ago
0.5.1-a
5 years ago
0.5.1-b
5 years ago
0.5.1-b2
5 years ago
0.5.1-c
5 years ago
8.0.0-rc1
4 years ago
8.0.0-rc2
4 years ago
8.0.0-rc3
4 years ago
8.0.0-rc4
4 years ago
8.0.0-rc5
4 years ago
8.0.0-rc6
4 years ago
8.0.0-rc7
4 years ago
8.0.0-rc8
4 years ago
8.0.0-rc9
4 years ago
11.1.4
3 years ago
12.0.0
3 years ago
12.0.1
3 years ago
12.1.0
3 years ago
13.0.0
3 years ago
13.1.0
2 years ago
13.2.0
2 years ago
13.2.1
2 years ago
13.2.2
2 years ago
13.3.0
2 years ago
13.4.0
2 years ago
13.4.1
2 years ago
13.4.2
2 years ago
13.5.0
2 years ago
13.5.1
2 years ago
13.5.2
2 years ago
14.0.0
2 years ago
13.5.3
2 years ago
14.1.0
2 years ago
14.2.0
2 years ago
15.0.0
2 years ago
15.0.1
2 years ago
15.0.2
2 years ago
15.0.3
2 years ago
15.1.0
2 years ago
15.1.1
2 years ago
15.2.0
2 years ago
16.0.0
2 years ago
16.0.1
2 years ago
16.0.2
2 years ago
16.0.3
2 years ago
16.1.0
2 years ago
16.1.1
a year ago
16.2.0
a year ago
16.3.0
a year ago
16.3.1
a year ago
16.4.0
a year ago
16.4.1
a year ago
16.4.2
a year ago
16.4.3
a year ago
16.5.0
a year ago
16.5.1
a year ago
16.5.2
a year ago
16.6.0
a year ago
16.6.1
a year ago
16.6.2
a year ago
17.0.0-rc1
a year ago
17.0.0-rc2
10 months ago
17.0.0-rc3
10 months ago
17.0.0-rc4
10 months ago
17.0.0-rc5
10 months ago
17.0.0-rc6
10 months ago
17.0.0-rc8
10 months ago
17.0.0-rc9
10 months ago
17.0.0-rc10
9 months ago
17.0.0
9 months ago
17.0.1
9 months ago
17.0.2
9 months ago
17.1.0
9 months ago
17.1.1
9 months ago
17.2.0
8 months ago
17.2.1
5 months ago
16.6.3
5 months ago
17.2.2
5 months ago
17.2.3
5 months ago
17.3.0
5 months ago
17.3.1
4 months ago
17.4.0
4 months ago
17.5.0
3 months ago
17.5.1
3 months ago
17.5.2
2 months ago
17.5.3
13 days ago

Resources

Advisory timeline

  1. Published

    Advisory published
    Dec 28th, 2015
  2. Reported

    Initial report by Eran Hammer
    Dec 28th, 2015