CSRF Middleware Bypass in Hono Web Application Framework by Hono
CVE-2024-43787
Currently unrated
What is CVE-2024-43787?
The Hono Web Application Framework is vulnerable to Cross-Site Request Forgery (CSRF) because of a flaw in its CSRF middleware. An attacker can exploit it by crafting a Content-Type header that uses an upper-case MIME type. MIME types are case-insensitive, but the CSRF protection's matching mechanism does not treat upper-case and lower-case spellings as equivalent, so a request carrying the upper-case form is not recognized by the check. This lets the attacker bypass the protection and launch a CSRF attack. The issue was fixed in Hono version 4.5.8.
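The matching flaw described above, as an added example that is not Hono's own code: a simplified CSRF gate evaluated with a case-sensitive Content-Type matcher and with a case-normalizing one, over constructed requests. All function names, origins and sample requests are assumptions made for illustration.

```javascript
// Added illustration; names are hypothetical and this is not Hono's source.
const FORM_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];

// Flawed matcher: compares the raw header value, so only lower-case spellings match.
function isFormTypeCaseSensitive(contentType) {
  const essence = (contentType || '').split(';')[0].trim();
  return FORM_TYPES.includes(essence);
}

// Corrected matcher: MIME type names are case-insensitive, so normalize before comparing.
function isFormTypeNormalized(contentType) {
  const essence = (contentType || '').split(';')[0].trim().toLowerCase();
  return FORM_TYPES.includes(essence);
}

// Simplified CSRF gate: unsafe-method requests with a form content type need the trusted Origin.
function csrfDecision(req, isFormType, trustedOrigin) {
  if (req.method === 'GET' || req.method === 'HEAD') return 'allow';
  if (!isFormType(req.headers['content-type'])) return 'allow'; // not treated as a form request
  return req.headers['origin'] === trustedOrigin ? 'allow' : 'reject';
}

// Constructed sample requests (placeholder origins).
const TRUSTED = 'https://app.example';
const SAMPLES = [
  { method: 'POST', headers: { origin: TRUSTED, 'content-type': 'application/x-www-form-urlencoded' } },
  { method: 'POST', headers: { origin: 'https://other.example', 'content-type': 'application/x-www-form-urlencoded' } },
  { method: 'POST', headers: { origin: 'https://other.example', 'content-type': 'Application/X-WWW-Form-Urlencoded' } },
  { method: 'POST', headers: { origin: 'https://other.example', 'content-type': 'TEXT/PLAIN; charset=UTF-8' } },
  { method: 'POST', headers: { origin: 'https://other.example', 'content-type': 'application/json' } },
];

// Run every sample through both matchers so the differing decisions are visible side by side.
function evaluate() {
  return SAMPLES.map((req) => ({
    contentType: req.headers['content-type'],
    origin: req.headers['origin'],
    caseSensitive: csrfDecision(req, isFormTypeCaseSensitive, TRUSTED),
    normalized: csrfDecision(req, isFormTypeNormalized, TRUSTED),
  }));
}

console.table(evaluate());
```

Rows where `caseSensitive` is `allow` and `normalized` is `reject` are the requests the case-sensitive matcher fails to classify as form submissions; a regression test for the middleware should include such mixed-case and upper-case Content-Type values.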
