Description
In the hapi node module before 11.1.4, when server-level, connection-level, or route-level CORS configurations are combined, a higher-level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`).
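A simplified model of the flaw described above, added here as an illustration and not taken from hapi's source. The function names `resolveFlawed`, `resolveFixed` and `originWidened` are hypothetical, the origin `https://app.example.com` is a constructed sample value, and only `true` and object values of `cors` are modelled.

```javascript
// Simplified model of cascading CORS settings (assumption: not hapi's own code).
// Levels are ordered from highest (server) to lowest (route).
const CORS_DEFAULTS = { origin: ['*'], credentials: false };

// Flawed merge: defaults are expanded at every level before merging, so a
// lower level that only says `cors: true` carries origin ['*'] and overwrites
// the restriction set at a higher level.
function resolveFlawed(levels) {
  let effective = {};
  for (const cors of levels) {
    if (cors === undefined) continue;
    const expanded = cors === true ? { ...CORS_DEFAULTS } : { ...CORS_DEFAULTS, ...cors };
    effective = { ...effective, ...expanded };
  }
  return effective;
}

// Corrected merge: only explicitly set keys cascade down the levels, and the
// defaults fill the remaining gaps once, after all levels are combined.
function resolveFixed(levels) {
  let explicit = {};
  for (const cors of levels) {
    if (cors === undefined || cors === true) continue;
    explicit = { ...explicit, ...cors };
  }
  return { ...CORS_DEFAULTS, ...explicit };
}

// Audit check: is the effective origin list a wildcard even though the most
// specific explicit origin setting was not?
function originWidened(levels, resolve) {
  const explicit = levels.filter((c) => c && c !== true && c.origin).pop();
  if (!explicit) return false;
  const effective = resolve(levels).origin;
  return effective.includes('*') && !explicit.origin.includes('*');
}

// Constructed sample: the server restricts origin, the route just enables CORS.
const sampleLevels = [{ origin: ['https://app.example.com'] }, undefined, true];
console.log('flawed:', resolveFlawed(sampleLevels).origin);
console.log('fixed: ', resolveFixed(sampleLevels).origin);
console.log('widened under flawed merge:', originWidened(sampleLevels, resolveFlawed));
```
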
Remediation
References
https://github.com/hapijs/hapi/issues/2980
https://nodesecurity.io/advisories/65