Vulnerabilities > CVE-2023-25166 - Unspecified vulnerability in Hapi Formula

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

hapi

NVD

Published: 2023-02-08

Updated: 2024-11-21

Summary

formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Hapi Hapi Formula 1.0.0 Hapi Formula 1.1.0 Hapi Formula 1.2.0 Hapi Formula 2.0.0 Hapi Formula 3.0.0	5

References

https://github.com/hapijs/formula/commit/9fbc20a02d75ae809c37a610a57802cd1b41b3fe
https://github.com/hapijs/formula/commit/9fbc20a02d75ae809c37a610a57802cd1b41b3fe
https://github.com/hapijs/formula/security/advisories/GHSA-c2jc-4fpr-4vhg
https://github.com/hapijs/formula/security/advisories/GHSA-c2jc-4fpr-4vhg