Vulnerability Information
Vulnerability Title
Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header.
Vulnerability Description
Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without a Content-Type header. Although the CSRF middleware verifies the Content-Type header, Hono always considers a request without a Content-Type header to be safe. This can allow an attacker to bypass CSRF protection implemented with the Hono CSRF middleware. Version 4.6.5 fixes this issue.
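The logic flaw described above, as an added example that is not Hono's source code: a simplified model of a Content-Type-gated CSRF check, run against constructed requests with the flawed policy beside a hardened one. All function names, the sample hosts and the hardened policy (treating an absent Content-Type like a form submission) are assumptions made for illustration.

```javascript
// Simplified model of a Content-Type-gated CSRF check. Not Hono's source:
// all names here (makeCsrfCheck, SAMPLE_REQUESTS, ...) are hypothetical.
const SAFE_METHOD = /^(GET|HEAD)$/;
const FORM_TYPE = /^(application\/x-www-form-urlencoded|multipart\/form-data|text\/plain)\b/i;

// Case-insensitive header lookup on a plain object.
function header(req, name) {
  const key = Object.keys(req.headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : req.headers[key];
}

// missingTypeIsSafe=true reproduces the flaw the advisory describes;
// false treats an absent Content-Type like a form submission.
function makeCsrfCheck(allowedOrigin, missingTypeIsSafe) {
  return (req) => {
    if (SAFE_METHOD.test(req.method)) return 'allow';
    const type = header(req, 'content-type');
    if (type === undefined && missingTypeIsSafe) return 'allow'; // the bypass
    if (type !== undefined && !FORM_TYPE.test(type)) return 'allow'; // not gated by this check
    return header(req, 'origin') === allowedOrigin ? 'allow' : 'block';
  };
}

// Constructed sample requests (hosts are placeholders).
const APP = 'https://app.example';
const SAMPLE_REQUESTS = [
  { name: 'same-origin form', method: 'POST',
    headers: { Origin: APP, 'Content-Type': 'application/x-www-form-urlencoded' } },
  { name: 'cross-origin form', method: 'POST',
    headers: { Origin: 'https://other.example', 'Content-Type': 'multipart/form-data; boundary=x' } },
  { name: 'cross-origin, no Content-Type', method: 'POST',
    headers: { Origin: 'https://other.example' } },
  { name: 'same-origin, no Content-Type', method: 'POST', headers: { Origin: APP } },
  { name: 'cross-origin GET', method: 'GET', headers: { Origin: 'https://other.example' } },
];

// Evaluate every sample request under both policies.
function compare() {
  const flawed = makeCsrfCheck(APP, true);
  const hardened = makeCsrfCheck(APP, false);
  return SAMPLE_REQUESTS.map((r) => ({ name: r.name, flawed: flawed(r), hardened: hardened(r) }));
}

for (const row of compare()) {
  console.log(`${row.name}: flawed=${row.flawed} hardened=${row.hardened}`);
}
```

The only row where the two policies disagree is the cross-origin request with no Content-Type, which makes it a useful regression case when confirming an upgrade to 4.6.5 or later.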
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
Vulnerability Type
Cross-Site Request Forgery (CSRF)
Vulnerability Title
Hono Cross-Site Request Forgery Vulnerability
Vulnerability Description
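Hono is a web framework written in TypeScript by the Hono community. Versions of Hono prior to 4.6.5 contain a cross-site request forgery vulnerability, which stems from a missing cross-site request forgery check.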
CVSS Information
N/A
Vulnerability Type
N/A