Lucene search

Veracode Vulnerability DatabaseVERACODE:46552

HistoryApr 22, 2024 - 5:11 a.m.

Improper Handling Of Exceptional Conditions

2024-04-2205:11:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

exception handling

request.ts

err_invalid_url

denial of service

dos

software

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

@hono/node-server is vulnerable to Improper Handling of Exceptional Conditions. The vulnerability is caused due to improper exception handling in the newRequest() function within request.ts. This function fails with ERR_INVALID_URL when handling invalid Host header values, such as empty strings or slashes, resulting in a potential Denial of Service(DoS).

CPENameOperatorVersion
@hono/node-serverle1.10.1
@hono/node-serverle1.10.1

CPE	Name	Operator	Version
	@hono/node-server	le	1.10.1
	@hono/node-server	le	1.10.1

References

github.com/advisories/GHSA-hgxw-5xg3-69jx

github.com/honojs/node-server/blob/c22f7500dc64bc08e1f8321f81d148eb061ec256/src/request.ts#L117-L126

github.com/honojs/node-server/commit/306d98f02a8671a0a1fb91ac8fe7e281690c05af

github.com/honojs/node-server/commit/d847e60249fd8183ba0998bc379ba20505643204

github.com/honojs/node-server/issues/159

github.com/honojs/node-server/issues/161

github.com/honojs/node-server/security/advisories/GHSA-hgxw-5xg3-69jx

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for VERACODE:46552