Количество 2
Количество 2
CVE-2023-50710
Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly.
GHSA-f6gv-hh8j-q8vq
Named path parameters can be overridden in TrieRouter
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-50710 Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly. | CVSS3: 4.2 | 0% Низкий | около 2 лет назад |
| GHSA-f6gv-hh8j-q8vq Named path parameters can be overridden in TrieRouter | CVSS3: 4.2 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу