CVE-2015-9243

Summary

When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins *).

Affected Software

VendorProductVersion RangeStatus
HackerOnehapi node module<11.1.4affected

Weaknesses

  • CWE-284: Improper Access Control - Generic (CWE-284)

ADP Enrichment

CVE Program Container

Additional References

References