CVE-2015-9243

Name of the Vulnerable Software and Affected Versions hapi versions prior to 11.1.4

Description The issue arises when server level, connection level, or route level CORS configurations in the hapi node module are combined, and a higher level config includes security restrictions, such as origin. In such cases, the higher level config's security restrictions can be overridden by less restrictive defaults, for example, the origin defaulting to all origins *. This may result in CORS permissions being less restrictive than intended.

Recommendations Update to version 11.1.4 or later.