CVE-2024-43787

CVSS v3.1 5 (Medium)

EPSS 0.04 % (16^th)

Advisories 1

NVD Status Awaiting Analysis

Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, attacker can bypass csrf middleware using upper-case form-like MIME type. This vulnerability is fixed in 4.5.8.

Weaknesses

CWE-352: Cross-Site Request Forgery (CSRF)

CVE Status: PUBLISHED
NVD Status: Awaiting Analysis
CNA: GitHub, Inc.
Published Date: 2024-08-22 15:15:16
(3 weeks ago)
Updated Date: 2024-08-23 16:18:28
(3 weeks ago)