Описание
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4_REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate that IPv4 octet values are within the valid range of 0-255, allowing attackers to craft malformed IP addresses that bypass IP-based access controls. Version 4.11.7 contains a patch for the issue.
Уязвимые конфигурации
Конфигурация 1Версия до 4.11.7 (исключая)
cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 2%
0.00012
Низкий
4.8 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-185
Связанные уязвимости
CVSS3: 4.8
github
11 дней назад
Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing
EPSS
Процентиль: 2%
0.00012
Низкий
4.8 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-185