CVE-2024-32652 @hono/node-server contains Denial of Service risk when receiving Host header that cannot be parsed

The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that @hono/node-server can't handle well. Invalid values are those that cannot be parsed by the URL as a hostname such as an empty...

PT-2024-24746

Name of the Vulnerable Software and Affected Versions @hono/node-server versions prior to 1.10.1 Description The application hangs when receiving a Host header with a value that @hono/node-server can't handle well. Invalid values are those that cannot be parsed by the URL as a hostname, such as a...

@zemble/node (>=0.0.11 <=0.0.14), waku (>=0.19.0 <=0.19.1) potentially affected by CVE-2024-23340 via @hono/node-server (>=1.3.3 <=1.4.0)

@hono/node-server NPM version =1.3.3, =0.0.11, =0.19.0, =0.19.1 Source cves: CVE-2024-23340 Source advisory: OSV:GHSA-RJQ5-W47X-X359...

CVE-2024-23340

@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...

Design/Logic Flaw

@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...

CVE-2024-23340 @hono/node-server can't handle "double dots" in URL

@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...