Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2017-16013

hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed accept-encoding header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached.

Published: Jun 4, 2018
Updated: Nov 9, 2025
CVE: CVE-2017-16013
GHSA: GHSA-cqjg-whmm-8gv6
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-20
CWE-400

Affected Software
References

Software	From	Fixed in
hapijs / hapi	15.0.0	16.1.0.x
@hapi / hapi	15.0.0	16.1.1

https://github.com/hapijs/hapi/issues/3466
https://nodesecurity.io/advisories/335
https://www.npmjs.com/advisories/335

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo