High severityNVD Advisory· Published May 16, 2014· Updated May 6, 2026
CVE-2014-3742
CVE-2014-3742
Description
The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
hapinpm | >= 2.0.0, < 2.2.0 | 2.2.0 |
Affected products
4cpe:2.3:a:spumko_project:hapi_server_framework:2.0.0:-:*:*:*:node.js:*:*+ 3 more
- cpe:2.3:a:spumko_project:hapi_server_framework:2.0.0:-:*:*:*:node.js:*:*
- cpe:2.3:a:spumko_project:hapi_server_framework:2.0.0:preview:*:*:*:node.js:*:*
- cpe:2.3:a:spumko_project:hapi_server_framework:2.1.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:spumko_project:hapi_server_framework:2.1.2:*:*:*:*:node.js:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/advisories/GHSA-cqr7-78pj-3g7jghsaADVISORY
- nodesecurity.io/advisories/hapi_File_descriptor_leak_DoS_vulnerabilitynvdVendor Advisory
- nvd.nist.gov/vuln/detail/CVE-2014-3742ghsaADVISORY
- www.openwall.com/lists/oss-security/2014/05/13/1nvdWEB
- www.openwall.com/lists/oss-security/2014/05/15/2nvdWEB
- github.com/spumko/hapi/issues/1427nvdWEB
- www.npmjs.com/advisories/11ghsaWEB
News mentions
0No linked articles in our index yet.