Home > Vulnerability Database > CVE-2014-4179

Mend.io Vulnerability Database

CVE-2014-4179

Good to know:

Date: June 16, 2014

Yar uses an encrypted cookie for session support, during the hapi request/reply flow if this cookie value is invalid (changed by the end-user), a request object variable is not set. In versions prior 2.2.0, the presence of this variable was not validated prior to use, resulting in an unhandled ReferenceError, which in most cases will crash the process.

Language: JS

Severity Score

7.2

Related Resources (3)

Url: https://github.com/spumko/yar/issues/34

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-4179

Url: https://www.mend.io/vulnerability-database/CVE-2014-4179

Severity Score

7.2

Top Fix

Upgrade Version

Upgrade to version yar - 2.2.0

Learn More

CVSS v3

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2014-4179

Good to know:

Date: June 16, 2014

Language: JS

Severity Score

Related Resources (3)

Severity Score

Top Fix

Upgrade Version

CVSS v3

Do you need more information?