Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, attacker can bypass csrf middleware using upper-case form-like MIME type. This vulnerability is fixed in 4.5.8.
Metrics
Affected Vendors & Products
References
History
Thu, 22 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Eclipse
Eclipse hono |
|
CPEs | cpe:2.3:a:eclipse:hono:*:*:*:*:*:*:*:* | |
Vendors & Products |
Eclipse
Eclipse hono |
|
Metrics |
ssvc
|
Thu, 22 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, attacker can bypass csrf middleware using upper-case form-like MIME type. This vulnerability is fixed in 4.5.8. | |
Title | Hono CSRF middleware can be bypassed using crafted Content-Type header | |
Weaknesses | CWE-352 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-08-22T14:23:44.025Z
Updated: 2024-08-22T15:40:32.051Z
Reserved: 2024-08-16T14:20:37.323Z
Link: CVE-2024-43787
Vulnrichment
Updated: 2024-08-22T15:40:25.066Z
NVD
Status : Awaiting Analysis
Published: 2024-08-22T15:15:16.857
Modified: 2024-08-23T16:18:28.547
Link: CVE-2024-43787
Redhat
No data.