CVE-2023-50710

Published: Dic 14, 2023 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2023-3193 Aliases: GHSA-f6gv-hh8j-q8vq

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,2

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: none

Integrity: low

Availability: low

Description

AI Translation Available

Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0036

Percentile

0,6th

Updated

EPSS Score Trend (Last 90 Days)

Improper Control of Generation of Code ('Code Injection')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Integrity Confidentiality Availability Non-Repudiation

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Hide Activities

Applicable Platforms

Languages: Interpreted

Technologies: AI/ML

Likelihood of Exploit: Medium

View CWE Details

Application

Hono by Hono

Product Information

Vendor Hono

Product Hono

Version Range Affected

To 3.11.7 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://github.com/honojs/hono/commit/8e2b6b08518998783f66d…

Patch

https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8

https://github.com/honojs/hono/releases/tag/v3.11.7

Release Notes

https://github.com/honojs/hono/releases/tag/v3.11.7

https://github.com/honojs/hono/security/advisories/GHSA-f6g…

Exploit Vendor Advisory

https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq

https://github.com/honojs/hono/commit/8e2b6b08518998783f66d…

Patch

https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8

https://github.com/honojs/hono/releases/tag/v3.11.7

Release Notes

https://github.com/honojs/hono/releases/tag/v3.11.7

https://github.com/honojs/hono/security/advisories/GHSA-f6g…

Exploit Vendor Advisory

https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq

CVE-2023-50710

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Improper Control of Generation of Code ('Code Injection')

Common Consequences

Applicable Platforms

Hono by Hono

Product Information

Iscriviti alla newsletter