Home > Vulnerability Database > CVE-2014-4179

Mend.io Vulnerability Database

CVE-2014-4179

Good to know:

Date: August 19, 2025

Yar uses an encrypted cookie for session support, during the hapi request/reply flow if this cookie value is invalid (changed by the end-user), a request object variable is not set. In versions prior 2.2.0, the presence of this variable was not validated prior to use, resulting in an unhandled ReferenceError, which in most cases will crash the process.

Language: JS

Severity Score

7.5

Related Resources (5)

Url: https://github.com/spumko/yar

Url: https://www.npmjs.com/advisories/44

Url: https://github.com/spumko/yar/issues/34

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-4179

Url: https://www.mend.io/vulnerability-database/CVE-2014-4179

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version yar - 2.2.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2014-4179

Good to know:

Date: August 19, 2025

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?