CVE-2015-9236

Name of the Vulnerable Software and Affected Versions Hapi versions prior to 11.0.0

Description The issue arises from incorrect CORS implementation in affected versions, leading to inconsistent headers and potentially allowing cross-origin activities that should be forbidden. Specifically, when CORS is enabled for the connection but disabled for a non-GET route, the OPTIONS prefetch request returns default CORS headers, and the subsequent actual request proceeds without returning CORS headers, thus defeating the purpose of CORS configuration on the route.

Recommendations Update to version 11.0.0 or later.