Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@hono/node-server contains Denial of Service risk when receiving Host header that cannot be parsed
Vulnerability Description
The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be parsed by the `URL` as a hostname such as an empty string, slashes `/`, and other strings. The version 1.10.1 includes the fix for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对异常条件的处理不恰当
Vulnerability Title
node-server 安全漏洞
Vulnerability Description
node-server是一个适配器,允许用户在 Node.js 上运行 Hono 应用程序。 node-server 1.10.1之前版本存在安全漏洞,该漏洞源于接收到无法解析的Host标头时存在拒绝服务风险。
CVSS Information
N/A
Vulnerability Type
N/A