CVE-2014-7193

Crumb plugin <3.0.0 - Info Disclosure

Description

The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site that is visited by an application consumer.

Scores

EPSS 0.0137
EPSS Percentile 68.5%

Details

CWE
CWE-284
Status published
Products (2)
npm/crumb 0 - 3.0.0 (npm)
sideway/hapi_crumb < 2.2.0
Published Dec 25, 2014
Tracked Since Feb 18, 2026