Closed
Description
Impact
This vulnerability allows an attacker to take down a hapi-based server running versions 2.0.x and 2.1.x.
Details
Versions 2.0.x and 2.1.x have a file descriptor leak that when triggered repeatedly will cause the server to run out of file descriptors and the node process to die. The effort required to take down a server depends on the process file descriptor limit. No other side effects or exploits have been identified.
Advice
Please upgrade to version 2.2.x or above as soon as possible.
Reported Attacks
No attacks have been reported.
Additional Information
If you have any questions or concerns, please reply to this issue or if they are sensitive in nature, email to eran@hammer.io