CVE-2024-32869

Опубликовано: 23 апр. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where main.ts is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for the issue.

Ссылки

https://github.com/honojs/hono/commit/92e65fbb6e5e7372650e7690dbd84938432d9e65
Patch
https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347
Exploit
Vendor Advisory
https://github.com/honojs/hono/commit/92e65fbb6e5e7372650e7690dbd84938432d9e65
Patch
https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*

Версия до 4.2.7 (исключая)

EPSS

Процентиль: 80%

0.01329

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-3mpf-rcc7-5347