Products
@hono/node-server
- before 1.10.1
Source
security-advisories@github.com
Tags
CVE-2024-32652 details
Published : April 19, 2024, 7:15 p.m.
Last Modified : April 19, 2024, 7:15 p.m.
Description
The adapter `@hono/node-server` allows you to run your Hono application on Node.js. Prior to version 1.10.1, the application hangs when it receives a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that `URL` cannot parse as a hostname, such as an empty string, slashes `/`, and other strings. Version 1.10.1 includes the fix for this issue.
CVSS Score
7.5
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
7.5
Exploitability Score
Impact Score
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
URL | Source |
---|---|
https://github.com/honojs/node-server/commit/d847e60249fd8183ba0998bc379ba20505643204 | security-advisories@github.com |
https://github.com/honojs/node-server/issues/159 | security-advisories@github.com |
https://github.com/honojs/node-server/security/advisories/GHSA-hgxw-5xg3-69jx | security-advisories@github.com |