Vulnerability Information
Vulnerability Title
Hono: SSE Control Field Injection via CR/LF in writeSSE()
Vulnerability Description
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE() in Streaming Helper, the event, id, and retry fields were not validated for carriage return (\r) or newline (\n) characters. Because the SSE protocol uses line breaks as field delimiters, this could allow injection of additional SSE fields within the same event frame if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.
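The effect described above, as an added example that is not Hono's code and not part of the original advisory: a frame builder that writes `event`, `id` and `retry` unchecked, beside one that rejects CR/LF in those fields. The function names and the `untrustedId` value are hypothetical and constructed for illustration.

```javascript
// Added example, not Hono's source. Function names are hypothetical.

// Builds one SSE frame with no checks on event/id/retry, i.e. the
// behaviour the advisory describes for versions before 4.12.4.
function frameUnchecked({ data, event, id, retry }) {
  const lines = [];
  if (event !== undefined) lines.push(`event: ${event}`);
  // Multi-line data is legal in SSE: one "data:" line per payload line.
  for (const l of String(data).split(/\r\n|\r|\n/)) lines.push(`data: ${l}`);
  if (id !== undefined) lines.push(`id: ${id}`);
  if (retry !== undefined) lines.push(`retry: ${retry}`);
  return lines.join('\n') + '\n\n';
}

// Same frame, but control fields containing CR or LF are rejected.
// Rejecting (rather than stripping) is a choice made for this example.
function frameChecked(msg) {
  for (const field of ['event', 'id', 'retry']) {
    const v = msg[field];
    if (v !== undefined && /[\r\n]/.test(String(v))) {
      throw new TypeError(`SSE ${field} must not contain CR or LF`);
    }
  }
  return frameUnchecked(msg);
}

// Field names a receiver would see in a frame, in order.
function fieldsSeen(frame) {
  return frame
    .split(/\r\n|\r|\n/)
    .filter((l) => l !== '' && !l.startsWith(':'))
    .map((l) => (l.includes(':') ? l.slice(0, l.indexOf(':')) : l));
}

// Constructed input: an id value taken from an untrusted source.
const untrustedId = '42\ndata: forged';

console.log(fieldsSeen(frameUnchecked({ data: 'hello', id: untrustedId })));
try {
  frameChecked({ data: 'hello', id: untrustedId });
} catch (e) {
  console.log('rejected:', e.message);
}
```

The unchecked frame carries an extra `data` field that the caller never set; the checked builder refuses the same input before anything is written to the stream.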
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
Improper Neutralization of Special Elements in Output (Injection)
Vulnerability Title
Hono Injection Vulnerability
Vulnerability Description
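Hono is a web framework written in TypeScript from the Hono community. Versions of Hono prior to 4.12.4 contain an injection vulnerability. It stems from the streamSSE function not validating carriage return or newline characters in the event, ID, and retry fields, which may allow additional SSE fields to be injected into an SSE event frame.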
CVSS Information
N/A
Vulnerability Type
N/A