Hono CSRF middleware can be bypassed using crafted Content-Type header
Summary: Hono CSRF middleware can be bypassed using a crafted Content-Type header. Details: MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. https://github.com/honojs/hono/blob/b0af71fbcc6dbe44140ea76f16d68dfdb32a99a0/src/middleware/csrf/index.ts#L16-L17 As a...
CVE-2024-43787
CVE-2024-43787: Hono CSRF middleware can be bypassed via a crafted Content-Type header, because the Content-Type check (isRequestedByFormElementRe) matches only lower-case MIME types although MIME types are case insensitive; this allows bypass of CSRF protection. Affected: Hono prior to 4.5.8. Impact per sources: CSRF protection bypass (low/partial impact described...
CVE-2024-43787 Hono CSRF middleware can be bypassed using crafted Content-Type header
Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using a crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, an attacker can bypass the CSRF middleware...
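The three entries above describe the same defect, so one illustration serves all of them. The following is an added example written for this page, not Hono's own source: it models a form-focused CSRF check in the shape the advisory describes (only "form-like" requests are subjected to the Origin check, because other content types cannot be sent cross-site without a CORS preflight) and contrasts a case-sensitive regex with a case-insensitive one. The regex text, the `csrfAllows` helper, the request objects and the origins are assumptions constructed for the demonstration, not copied from Hono. The crafted request works as an attack because a browser's CORS-safelisted check compares the MIME type essence after lower-casing, so `fetch()` from another origin sends `Application/x-www-form-urlencoded` with cookies and no preflight while a lower-case-only regex fails to recognise it as a form submission.

```typescript
// Added example (not Hono's code). Minimal model of a CSRF check that only
// applies the Origin check to form-like requests, and the case-sensitivity
// bug described in CVE-2024-43787. Regex text is an assumption reconstructed
// from the advisory, not Hono's actual source.

type SimpleRequest = {
  method: string;
  headers: Record<string, string>; // header names assumed already lower-cased
};

// Vulnerable pattern: no /i flag, so "Application/x-www-form-urlencoded"
// is not recognised as a form submission.
const FORM_RE_VULNERABLE =
  /^\b(application\/x-www-form-urlencoded|multipart\/form-data|text\/plain)\b/;

// Hardened pattern: MIME types are case-insensitive (RFC 2045), so the
// type/subtype must be matched case-insensitively.
const FORM_RE_FIXED =
  /^\b(application\/x-www-form-urlencoded|multipart\/form-data|text\/plain)\b/i;

function isRequestedByFormElement(req: SimpleRequest, re: RegExp): boolean {
  const ct = req.headers["content-type"];
  return ct !== undefined && re.test(ct);
}

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Returns true when the request is allowed through, false when the CSRF
// check rejects it. Safe methods pass; requests that do not look like a
// form submission pass (a preflight would have protected them); form-like
// requests must carry the allowed Origin.
function csrfAllows(req: SimpleRequest, allowedOrigin: string, re: RegExp): boolean {
  if (SAFE_METHODS.has(req.method.toUpperCase())) return true;
  if (!isRequestedByFormElement(req, re)) return true;
  return req.headers["origin"] === allowedOrigin;
}

// Constructed sample requests (hypothetical origins).
const VICTIM_ORIGIN = "https://victim.example";

// Cross-site POST with the form content type capitalised: this is what an
// attacker page can send via fetch() with credentials, no preflight needed.
const craftedRequest: SimpleRequest = {
  method: "POST",
  headers: {
    "content-type": "Application/x-www-form-urlencoded",
    origin: "https://attacker.example",
  },
};

// Same cross-site POST with the conventional lower-case content type.
const normalCrossSiteRequest: SimpleRequest = {
  method: "POST",
  headers: {
    "content-type": "application/x-www-form-urlencoded",
    origin: "https://attacker.example",
  },
};

// Legitimate same-origin form post that must keep working after the fix.
const legitimateRequest: SimpleRequest = {
  method: "POST",
  headers: {
    "content-type": "multipart/form-data; boundary=abc123",
    origin: VICTIM_ORIGIN,
  },
};

// Summarises the behaviour difference for the three sample requests.
function demo(): Record<string, boolean> {
  return {
    vulnerableLetsCraftedThrough: csrfAllows(craftedRequest, VICTIM_ORIGIN, FORM_RE_VULNERABLE),
    fixedBlocksCrafted: !csrfAllows(craftedRequest, VICTIM_ORIGIN, FORM_RE_FIXED),
    vulnerableBlocksLowerCase: !csrfAllows(normalCrossSiteRequest, VICTIM_ORIGIN, FORM_RE_VULNERABLE),
    fixedKeepsLegitimate: csrfAllows(legitimateRequest, VICTIM_ORIGIN, FORM_RE_FIXED),
  };
}

console.log(demo());
```

The check that a practitioner would add to a regression test is the second line of `demo()`: any form-like content type, in any letter case, must still hit the Origin comparison. Note that lower-casing the header before matching would also work, but a case-insensitive pattern avoids normalising a value that is later passed on unchanged.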