PT-2020-20997 — Hapi @Hapi/Subtext

PT-2020-20997 · Hapi · @Hapi/Subtext

Published

2020-09-03

Updated

2020-09-03

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions @hapi/subtext versions prior to 6.1.3 @hapi/subtext versions prior to 7.0.3

Description The Content-Encoding HTTP header parser in @hapi/subtext has a vulnerability that can cause a system error when the header contains invalid values. This error can lead to the application exiting if no unhandled exception handler is available, allowing an attacker to shut down services.

Recommendations Upgrade to version 6.1.3 Upgrade to version 7.0.3

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

GHSA-3WQH-H42R-X8FQ

Affected Products

@Hapi/Subtext