Application Framework Vulnerability in hapi by Walmart Labs
CVE-2017-16013

7.5HIGH

Key Information:

Vendor: Hackerone
Status: Hapi Node Module
Vendor: CVE Published:; 4 June 2018

What is CVE-2017-16013?

A vulnerability exists in the hapi application framework versions between 15.0.0 and 16.1.0 that allows malformed accept-encoding headers to trigger an uncaught exception. This exception can lead to the application crashing or causing client connections to hang until the timeout is reached, potentially disrupting services and user experiences. Developers using affected versions should take immediate action to secure their applications.

Affected Version(s)

hapi node module >= 15.0.0 <= 16.1.0

References

https://nodesecurity.io/advisories/335

x_refsource_MISC

https://github.com/hapijs/hapi/issues/3466

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2018
Vulnerability Reserved
Oct 29, 2017

Hackerone

What is CVE-2017-16013?

Affected Version(s)

References

CVSS V3.1

Timeline