Hono Web Framework Vulnerable to CSRF Bypass
CVE-2024-48913
5.9MEDIUM
What is CVE-2024-48913?
The Hono web framework is susceptible to a bypass of its cross-site request forgery (CSRF) middleware due to improper handling of requests lacking a Content-Type header. The CSRF middleware is designed to check the Content-Type of incoming requests. However, in the versions prior to 4.6.5, requests that do not include this header are incorrectly treated as safe, thus allowing potential attacks that can circumvent CSRF protections. Users of Hono are urged to upgrade to version 4.6.5 or later to mitigate this security issue.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
hono < 4.6.5
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved