{"url":"http://public2.vulnerablecode.io/api/packages/198907?format=json","purl":"pkg:npm/hapi@0.8.0","type":"npm","namespace":"","name":"hapi","version":"0.8.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37993?format=json","vulnerability_id":"VCID-14sc-5rkp-vqf7","summary":"Route level CORS config overrides connection level defaults\nWhen server level, connection level or route level CORS configurations are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`).","references":[{"reference_url":"https://github.com/hapijs/hapi/issues/2980","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hapijs/hapi/issues/2980"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52466?format=json","purl":"pkg:npm/hapi@11.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-57mj-ycd4-5ue9"},{"vulnerability":"VCID-pzsr-ms2j-suhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/hapi@11.1.4"}],"aliases":["GMS-2015-57"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14sc-5rkp-vqf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53336?format=json","vulnerability_id":"VCID-57mj-ycd4-5ue9","summary":"Denial of Service in hapi\nAll Versions of `hapi` are vulnerable to Denial of Service. The CORS request handler has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. If no unhandled exception handler is available, the application will exist, allowing an attacker to shut down services.\n\n\n## Recommendation\n\nThis package is deprecated and is now maintained as `@hapi/hapi`. Please update your dependencies to use `@hapi/hapi`.","references":[{"reference_url":"https://www.npmjs.com/advisories/1481","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1481"},{"reference_url":"https://github.com/advisories/GHSA-7hx8-2rxv-66xv","reference_id":"GHSA-7hx8-2rxv-66xv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7hx8-2rxv-66xv"}],"fixed_packages":[],"aliases":["GHSA-7hx8-2rxv-66xv","GMS-2020-731"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57mj-ycd4-5ue9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37991?format=json","vulnerability_id":"VCID-628z-c14k-eycu","summary":"Denial of service - Potential socket exhaustion\nCertain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP error back to the sender, hapi will continue to hold the socket open until timed out (default node timeout is 2 minutes).","references":[{"reference_url":"https://github.com/hapijs/hapi/commit/aab2496e930dce5ee1ab28eecec94e0e45f03580","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hapijs/hapi/commit/aab2496e930dce5ee1ab28eecec94e0e45f03580"},{"reference_url":"https://github.com/jfhbrook/node-ecstatic/pull/179","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jfhbrook/node-ecstatic/pull/179"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52464?format=json","purl":"pkg:npm/hapi@11.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14sc-5rkp-vqf7"},{"vulnerability":"VCID-57mj-ycd4-5ue9"},{"vulnerability":"VCID-65r6-6rum-tbgb"},{"vulnerability":"VCID-pzsr-ms2j-suhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/hapi@11.1.3"}],"aliases":["GMS-2015-54"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-628z-c14k-eycu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52992?format=json","vulnerability_id":"VCID-65r6-6rum-tbgb","summary":"Unsafe Merging of CORS Configuration Conflict in hapi\nWhen server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9243","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37343","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37392","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37398","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37367","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37329","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37301","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9243"},{"reference_url":"https://github.com/hapijs/hapi/issues/2980","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hapijs/hapi/issues/2980"},{"reference_url":"https://nodesecurity.io/advisories/65","reference_id":"","reference_type":"","scores":[],"url":"https://nodesecurity.io/advisories/65"},{"reference_url":"https://www.npmjs.com/advisories/65","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/65"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9243","reference_id":"CVE-2015-9243","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9243"},{"reference_url":"https://github.com/advisories/GHSA-j3g2-m5jj-6336","reference_id":"GHSA-j3g2-m5jj-6336","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3g2-m5jj-6336"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52466?format=json","purl":"pkg:npm/hapi@11.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-57mj-ycd4-5ue9"},{"vulnerability":"VCID-pzsr-ms2j-suhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/hapi@11.1.4"}],"aliases":["CVE-2015-9243","GHSA-j3g2-m5jj-6336"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-65r6-6rum-tbgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37927?format=json","vulnerability_id":"VCID-8ak4-egcc-gyfq","summary":"Incorrect handling of CORS preflight request headers\nHapi implement CORS incorrectly and allowes for configurations that at best return inconsistent headers and at worst allow cross-origin activities that are expected to be forbidden.","references":[{"reference_url":"https://github.com/hapijs/hapi/issues/2840","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hapijs/hapi/issues/2840"},{"reference_url":"https://github.com/hapijs/hapi/issues/2850","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hapijs/hapi/issues/2850"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52379?format=json","purl":"pkg:npm/hapi@11.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14sc-5rkp-vqf7"},{"vulnerability":"VCID-57mj-ycd4-5ue9"},{"vulnerability":"VCID-628z-c14k-eycu"},{"vulnerability":"VCID-65r6-6rum-tbgb"},{"vulnerability":"VCID-dp14-gu2s-k3cm"},{"vulnerability":"VCID-pzsr-ms2j-suhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/hapi@11.0.0"}],"aliases":["GMS-2015-36"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ak4-egcc-gyfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30508?format=json","vulnerability_id":"VCID-98pz-6m8n-c3fa","summary":"Rosetta-Flash JSONP Vulnerability\nThis description taken from the pull request provided by Patrick Kettner.\n\n[Background from the vulnerabilty finder](http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/)\n\ntl:dr - someone created a alphanum only swf converter, which means that they can in theory use it as a callback at a JSONP endpoint, and as a result, send data across domains.\n\nPrepending callbacks with an empty inline comment breaks the flash parser, and prevents the issue. This is a fairly common solution currently being implemented by Google, Facebook, and Github.","references":[{"reference_url":"https://github.com/patrickkettner)","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/patrickkettner)"},{"reference_url":"https://github.com/spumko/hapi/pull/1766)","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/spumko/hapi/pull/1766)"},{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/12.json","reference_id":"12","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/12.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6539?format=json","purl":"pkg:npm/hapi@6.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14sc-5rkp-vqf7"},{"vulnerability":"VCID-57mj-ycd4-5ue9"},{"vulnerability":"VCID-628z-c14k-eycu"},{"vulnerability":"VCID-65r6-6rum-tbgb"},{"vulnerability":"VCID-8ak4-egcc-gyfq"},{"vulnerability":"VCID-dp14-gu2s-k3cm"},{"vulnerability":"VCID-mamy-u8vm-13bd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/hapi@6.1.0"}],"aliases":["CVE-2014-4671A"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98pz-6m8n-c3fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39791?format=json","vulnerability_id":"VCID-dp14-gu2s-k3cm","summary":"Improper Input Validation\nCertain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9241","reference_id":"","reference_type":"","scores":[{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57525","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.5753","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57512","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57524","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57534","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57472","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9241"},{"reference_url":"https://github.com/hapijs/hapi/commit/aab2496e930dce5ee1ab28eecec94e0e45f03580","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hapijs/hapi/commit/aab2496e930dce5ee1ab28eecec94e0e45f03580"},{"reference_url":"https://github.com/jfhbrook/node-ecstatic/pull/179","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jfhbrook/node-ecstatic/pull/179"},{"reference_url":"https://nodesecurity.io/advisories/63","reference_id":"","reference_type":"","scores":[],"url":"https://nodesecurity.io/advisories/63"},{"reference_url":"https://nodesecurity.io/advisories/64","reference_id":"","reference_type":"","scores":[],"url":"https://nodesecurity.io/advisories/64"},{"reference_url":"https://www.npmjs.com/advisories/63","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/63"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9241","reference_id":"CVE-2015-9241","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9241"},{"reference_url":"https://github.com/advisories/GHSA-rc8h-3fv6-pxv8","reference_id":"GHSA-rc8h-3fv6-pxv8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rc8h-3fv6-pxv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52464?format=json","purl":"pkg:npm/hapi@11.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14sc-5rkp-vqf7"},{"vulnerability":"VCID-57mj-ycd4-5ue9"},{"vulnerability":"VCID-65r6-6rum-tbgb"},{"vulnerability":"VCID-pzsr-ms2j-suhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/hapi@11.1.3"}],"aliases":["CVE-2015-9241","GHSA-rc8h-3fv6-pxv8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dp14-gu2s-k3cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39812?format=json","vulnerability_id":"VCID-mamy-u8vm-13bd","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nHapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS headers. This defeats the purpose of turning CORS on the route.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9236","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48346","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48314","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48302","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48331","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48349","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48283","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9236"},{"reference_url":"https://github.com/hapijs/hapi/issues/2840","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hapijs/hapi/issues/2840"},{"reference_url":"https://github.com/hapijs/hapi/issues/2850","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hapijs/hapi/issues/2850"},{"reference_url":"https://nodesecurity.io/advisories/45","reference_id":"","reference_type":"","scores":[],"url":"https://nodesecurity.io/advisories/45"},{"reference_url":"https://www.npmjs.com/advisories/45","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/45"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9236","reference_id":"CVE-2015-9236","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9236"},{"reference_url":"https://github.com/advisories/GHSA-vwrf-r5r4-7775","reference_id":"GHSA-vwrf-r5r4-7775","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vwrf-r5r4-7775"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52379?format=json","purl":"pkg:npm/hapi@11.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14sc-5rkp-vqf7"},{"vulnerability":"VCID-57mj-ycd4-5ue9"},{"vulnerability":"VCID-628z-c14k-eycu"},{"vulnerability":"VCID-65r6-6rum-tbgb"},{"vulnerability":"VCID-dp14-gu2s-k3cm"},{"vulnerability":"VCID-pzsr-ms2j-suhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/hapi@11.0.0"}],"aliases":["CVE-2015-9236","GHSA-vwrf-r5r4-7775"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mamy-u8vm-13bd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52941?format=json","vulnerability_id":"VCID-v8fx-xus5-37dz","summary":"Cross-Site Request Forgery (CSRF)\nAdobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.","references":[{"reference_url":"http://helpx.adobe.com/security/products/flash-player/apsb14-17.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"},{"reference_url":"http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash"},{"reference_url":"http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/","reference_id":"","reference_type":"","scores":[],"url":"http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0860.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0860.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4671.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4671.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4671","reference_id":"","reference_type":"","scores":[{"value":"0.35827","scoring_system":"epss","scoring_elements":"0.97174","published_at":"2026-06-07T12:55:00Z"},{"value":"0.35827","scoring_system":"epss","scoring_elements":"0.97173","published_at":"2026-06-06T12:55:00Z"},{"value":"0.35827","scoring_system":"epss","scoring_elements":"0.97171","published_at":"2026-06-05T12:55:00Z"},{"value":"0.35827","scoring_system":"epss","scoring_elements":"0.97168","published_at":"2026-06-04T12:55:00Z"},{"value":"0.35827","scoring_system":"epss","scoring_elements":"0.97176","published_at":"2026-06-09T12:55:00Z"},{"value":"0.35827","scoring_system":"epss","scoring_elements":"0.97175","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4671"},{"reference_url":"http://secunia.com/advisories/59774","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59774"},{"reference_url":"http://secunia.com/advisories/59837","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59837"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201407-02.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-201407-02.xml"},{"reference_url":"https://github.com/hapijs/hapi/commit/d47f57abf23bdaa84f61aed2bac94ae5f358afb7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hapijs/hapi/commit/d47f57abf23bdaa84f61aed2bac94ae5f358afb7"},{"reference_url":"https://github.com/patrickkettner","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patrickkettner"},{"reference_url":"https://github.com/spumko/hapi","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spumko/hapi"},{"reference_url":"https://github.com/spumko/hapi/pull/1766","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spumko/hapi/pull/1766"},{"reference_url":"https://www.npmjs.com/advisories/12","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/12"},{"reference_url":"http://www.securityfocus.com/bid/68457","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/68457"},{"reference_url":"http://www.securitytracker.com/id/1030533","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1030533"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1117588","reference_id":"1117588","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1117588"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4671","reference_id":"CVE-2014-4671","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4671"},{"reference_url":"https://github.com/advisories/GHSA-363h-vj6q-3cmj","reference_id":"GHSA-363h-vj6q-3cmj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-363h-vj6q-3cmj"},{"reference_url":"https://security.gentoo.org/glsa/201407-02","reference_id":"GLSA-201407-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201407-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0860","reference_id":"RHSA-2014:0860","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0860"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6539?format=json","purl":"pkg:npm/hapi@6.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14sc-5rkp-vqf7"},{"vulnerability":"VCID-57mj-ycd4-5ue9"},{"vulnerability":"VCID-628z-c14k-eycu"},{"vulnerability":"VCID-65r6-6rum-tbgb"},{"vulnerability":"VCID-8ak4-egcc-gyfq"},{"vulnerability":"VCID-dp14-gu2s-k3cm"},{"vulnerability":"VCID-mamy-u8vm-13bd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/hapi@6.1.0"}],"aliases":["CVE-2014-4671","GHSA-363h-vj6q-3cmj"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v8fx-xus5-37dz"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/hapi@0.8.0"}