What the vulnerability does

01Description

hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached.

Key dates

02Disclosure timeline

June 4, 2018 CVE published
September 17, 2024 Record updated