2 matches found
0agent (>=1.0.1 <=1.1.5), 0dot (=0.6.0) +60703 more potentially affected by CVE-2024-43787 via hono (>=0.5.10 <=4.5.7)
hono NPM version =0.5.10, =1.0.1, =1.0.0, =0.1.0, =0.1.0, =0.1.6, =0.1.0, =2.0.0, =1.0.0, =0.3.2, =0.1.0, =0.3.8 and more Source cves: CVE-2024-43787 Source advisory: OSV:GHSA-RPFR-3M35-5VX5...
CVE-2024-43787 Hono CSRF middleware can be bypassed using crafted Content-Type header
Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, attacker can bypass csrf middleware...