Lucene search
K

44 matches found

OSV
OSV
added 2024/01/22 11:0 p.m.34 views

CVE-2024-23340 @hono/node-server can't handle "double dots" in URL

@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...

5.3CVSS5.5AI score0.00722EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/01/22 11:0 p.m.14 views

CVE-2024-23340 @hono/node-server can't handle "double dots" in URL

@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...

5.3CVSS5.8AI score0.00722EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/01/22 11:0 p.m.5 views

CVE-2024-23340 @hono/node-server can't handle "double dots" in URL

@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...

5.3CVSS7AI score0.00722EPSS
Exploits1References3
CVE
CVE
added 2024/01/22 11:0 p.m.220 views

CVE-2024-23340

The CVE concerns @hono/node-server (Node.js adapter) where its custom Request.url does not resolve ". ." (double dots), causing un-resolved paths like http://localhost/static/.. /foo.txt to be passed to serveStatic. This path-traversal can enable access to unintended files on the static server, u...

5.3CVSS5.5AI score0.00722EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder