Sideway

sideway

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Hapi Crumb

hapi_crumb

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-7193 1Sideway 1Hapi Crumb May 6, 2026 Dec 25, 2014 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially...Show more The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site that is visited by an application consumer.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2014-7193

1Sideway

1Hapi Crumb

May 6, 2026

Dec 25, 2014

N/A· v4

N/A· v3

5.8 MEDIUM· v2

The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site that is visited by an application consumer.Show less