CVE-2024-48913 MEDIUM

CVE-2024-48913: Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header.

Vendor Honojs

Product hono

Weakness CWE-352 · CSRF

Published October 15, 2024

Last update November 7, 2024

View on NVD All CVEs

CVSS base score

5.9/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N

What the vulnerability does

01Description

Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. This can allow an attacker to bypass CSRF protection implemented with Hono CSRF middleware. Version 4.6.5 fixes this issue.

Key dates

02Disclosure timeline

October 15, 2024 CVE published

November 7, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-48913 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

CVE-2024-48913: Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header.

01Description

02Disclosure timeline

03References

04Related CVE