3 matches found
CVE-2026-24398
CVE-2026-24398 — Hono IPv4 address validation bypass : Prior to 4.11.7, IP Restriction Middleware fails to validate IPv4 octets in the src/utils/ipaddr.ts code paths, due to a permissive IPv4_REGEX and an unsafe convertIPv4ToBinary function. This allows crafting malformed IPs that can bypass IP-b...
GHSA-R354-F388-2FHH Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing
Summary IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate that IPv4 octet values are within the valid range of 0-255, allowing attackers to craft malformed IP...
Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing
Summary IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate that IPv4 octet values are within the valid range of 0-255, allowing attackers to craft malformed IP...