216.73.216.75

CVE-2024-43787

· Published 22/08/2024 15:15 · Modified 23/08/2024 16:18

Labels: CVE-2024-43787 2024-08-22CVE-2024-43787CWE-352[email protected]

Essential information

Published
22/08/2024 15:15
Modified
23/08/2024 16:18
Author
Creator
CVSS
5.0 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS metrics

Description

Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, attacker can bypass csrf middleware using upper-case form-like MIME type. This vulnerability is fixed in 4.5.8.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References