1. Home
  2. Vulnerabilities
  3. CVE-2023-50710

CVE-2023-50710

CVSS v3.1 4.3 (Medium)
43% Progress
EPSS 0.05 % (21th)
0.05% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly.

Weaknesses
CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE Status
PUBLISHED
CNA
GitHub, Inc.
Published Date
2023-12-14 18:15:45
(8 months ago)
Updated Date
2023-12-19 19:44:37
(8 months ago)

Affected Products

Hono

Configuration #1

    CPE23 From Up To
  Hono for Node.js prior 3.11.7 version cpe:2.3:a:hono:hono::*:*:*:*:node.js < 3.11.7