CVE-2015-9243
Unsafe Merging of CORS Configuration Conflict in hapi
EPSS 0.17%
Description
Versions of `hapi` prior to 11.1.4 are affected by a vulnerability that causes route-level CORS configuration to override connection-level or server-level CORS defaults. This may result in a situation where CORS permissions are less restrictive than intended. ## Recommendation Update hapi to version 11.1.4 or later.
How to fix CVE-2015-9243
To remediate CVE-2015-9243, upgrade the affected package to a fixed version below.
- npm/hapi—upgrade to 11.1.4 or later
Is CVE-2015-9243 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 11.1.4