27 matches found
CVE-2024-32652
Summary: CVE-2024-32652 affects the Node.js adapter @hono/node-server. Before version 1.10.1, handling of invalid Host header values (e.g., empty strings or values not parseable as a hostname) could cause the application to hang via an Invalid URL error. The advisory states that 1.10.1 fixes the ...
CVE-2024-32652 @hono/node-server contains Denial of Service risk when receiving Host header that cannot be parsed
The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that @hono/node-server can't handle well. Invalid values are those that cannot be parsed by the URL as a hostname such as an empty...
PT-2024-24746
Name of the Vulnerable Software and Affected Versions @hono/node-server versions prior to 1.10.1 Description The application hangs when receiving a Host header with a value that @hono/node-server can't handle well. Invalid values are those that cannot be parsed by the URL as a hostname, such as a...
@zemble/node (>=0.0.11 <=0.0.14), waku (>=0.19.0 <=0.19.1) potentially affected by CVE-2024-23340 via @hono/node-server (>=1.3.3 <=1.4.0)
@hono/node-server NPM version =1.3.3, =0.0.11, =0.19.0, =0.19.1 Source cves: CVE-2024-23340 Source advisory: OSV:GHSA-RJQ5-W47X-X359...
CVE-2024-23340
@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...
Design/Logic Flaw
@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...
CVE-2024-23340 @hono/node-server can't handle "double dots" in URL
@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...