cvelistv5 - cve-2023-50710

CVE-2023-50710 (GCVE-0-2023-50710)

Vulnerability from cvelistv5 – Published: 2023-12-14 17:22 – Updated: 2024-08-02 22:16

Title

Hono's named path parameters can be overridden in TrieRouter

Summary

Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly.

Severity ?

4.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/honojs/hono/security/advisorie…	x_refsource_CONFIRM
	https://github.com/honojs/hono/commit/8e2b6b08518…	x_refsource_MISC
	https://github.com/honojs/hono/releases/tag/v3.11.7	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	honojs	hono	Affected: < 3.11.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:47.211Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq"
          },
          {
            "name": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8"
          },
          {
            "name": "https://github.com/honojs/hono/releases/tag/v3.11.7",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/honojs/hono/releases/tag/v3.11.7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hono",
          "vendor": "honojs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.11.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-14T17:22:26.836Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq"
        },
        {
          "name": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8"
        },
        {
          "name": "https://github.com/honojs/hono/releases/tag/v3.11.7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/honojs/hono/releases/tag/v3.11.7"
        }
      ],
      "source": {
        "advisory": "GHSA-f6gv-hh8j-q8vq",
        "discovery": "UNKNOWN"
      },
      "title": "Hono\u0027s named path parameters can be overridden in TrieRouter"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-50710",
    "datePublished": "2023-12-14T17:22:26.836Z",
    "dateReserved": "2023-12-11T17:53:36.028Z",
    "dateUpdated": "2024-08-02T22:16:47.211Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"3.11.7\", \"matchCriteriaId\": \"74A7A157-DE4D-4445-9670-2EBF795FAB11\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly.\"}, {\"lang\": \"es\", \"value\": \"Hono es un framework web escrito en TypeScript. Antes de la versi\\u00f3n 3.11.7, los clientes pueden anular los valores de los par\\u00e1metros de ruta con nombre de solicitudes anteriores si la aplicaci\\u00f3n utiliza TrieRouter. Por lo tanto, existe el riesgo de que un usuario privilegiado utilice par\\u00e1metros no deseados al eliminar recursos de la API REST. TrieRouter se usa expl\\u00edcitamente o cuando la aplicaci\\u00f3n coincide con un patr\\u00f3n que no es compatible con el RegExpRouter predeterminado. La versi\\u00f3n 3.11.7 incluye el cambio para solucionar este problema. Como workaround, evite utilizar TrieRouter directamente.\"}]",
      "id": "CVE-2023-50710",
      "lastModified": "2024-11-21T08:37:11.103",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L\", \"baseScore\": 4.2, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
      "published": "2023-12-14T18:15:45.270",
      "references": "[{\"url\": \"https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/honojs/hono/releases/tag/v3.11.7\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/honojs/hono/releases/tag/v3.11.7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-50710\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-12-14T18:15:45.270\",\"lastModified\":\"2024-11-21T08:37:11.103\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly.\"},{\"lang\":\"es\",\"value\":\"Hono es un framework web escrito en TypeScript. Antes de la versi\u00f3n 3.11.7, los clientes pueden anular los valores de los par\u00e1metros de ruta con nombre de solicitudes anteriores si la aplicaci\u00f3n utiliza TrieRouter. Por lo tanto, existe el riesgo de que un usuario privilegiado utilice par\u00e1metros no deseados al eliminar recursos de la API REST. TrieRouter se usa expl\u00edcitamente o cuando la aplicaci\u00f3n coincide con un patr\u00f3n que no es compatible con el RegExpRouter predeterminado. La versi\u00f3n 3.11.7 incluye el cambio para solucionar este problema. Como workaround, evite utilizar TrieRouter directamente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"3.11.7\",\"matchCriteriaId\":\"74A7A157-DE4D-4445-9670-2EBF795FAB11\"}]}]}],\"references\":[{\"url\":\"https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/honojs/hono/releases/tag/v3.11.7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/honojs/hono/releases/tag/v3.11.7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}"
  }
}

GHSA-F6GV-HH8J-Q8VQ

Vulnerability from github – Published: 2023-12-15 02:45 – Updated: 2023-12-15 02:45

Summary

Named path parameters can be overridden in TrieRouter

Details

Impact

The clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources.

TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter.

The code to reproduce it. The server side application:

import { Hono } from 'hono'
import { TrieRouter } from 'hono/router/trie-router'

const wait = async (ms: number) => {
  return new Promise((resolve) => {
    setTimeout(resolve, ms)
  })
}

const app = new Hono({ router: new TrieRouter() })

app.use('*', async (c, next) => {
  await wait(Math.random() * 200)
  return next()
})

app.get('/modules/:id/versions/:version', async (c) => {
  const id = c.req.param('id')
  const version = c.req.param('version')

  console.log('path', c.req.path)
  console.log('version', version)

  return c.json({
    id,
    version,
  })
})

export default app

The client code which makes requests to the server application:

const examples = [
  'http://localhost:8787/modules/first/versions/first',
  'http://localhost:8787/modules/second/versions/second',
  'http://localhost:8787/modules/third/versions/third',
]

const test = () => {
  for (const example of examples) {
    fetch(example)
      .then((response) => response.json())
      .then((data) => {
        const splitted = example.split('/')
        const expected = splitted[splitted.length - 1]

        if (expected !== data.version) {
          console.error(`Error: exprected ${expected} but got ${data.version} - url was ${example}`)
        }
      })
  }
}

test()

The results:

Error: exprected second but got third - url was http://localhost:8787/modules/second/versions/second
Error: exprected first but got third - url was http://localhost:8787/modules/first/versions/first

Patches

"v3.11.7" includes the change to fix this issue.

Workarounds

Don't use TrieRouter directly.

// DON'T USE TrieRouter
import { TrieRouter } from 'hono/router/trie-router'
const app = new Hono({ router: new TrieRouter() })

References

Router options on the Hono website: https://hono.dev/api/hono#router-option

Severity ?

4.2 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "hono"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.11.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-50710"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-15T02:45:54Z",
    "nvd_published_at": "2023-12-14T18:15:45Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nThe clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources.\n\nTrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter.\n\nThe code to reproduce it. The server side application:\n\n```ts\nimport { Hono } from \u0027hono\u0027\nimport { TrieRouter } from \u0027hono/router/trie-router\u0027\n\nconst wait = async (ms: number) =\u003e {\n  return new Promise((resolve) =\u003e {\n    setTimeout(resolve, ms)\n  })\n}\n\nconst app = new Hono({ router: new TrieRouter() })\n\napp.use(\u0027*\u0027, async (c, next) =\u003e {\n  await wait(Math.random() * 200)\n  return next()\n})\n\napp.get(\u0027/modules/:id/versions/:version\u0027, async (c) =\u003e {\n  const id = c.req.param(\u0027id\u0027)\n  const version = c.req.param(\u0027version\u0027)\n\n  console.log(\u0027path\u0027, c.req.path)\n  console.log(\u0027version\u0027, version)\n\n  return c.json({\n    id,\n    version,\n  })\n})\n\nexport default app\n```\n\nThe client code which makes requests to the server application:\n\n```ts\nconst examples = [\n  \u0027http://localhost:8787/modules/first/versions/first\u0027,\n  \u0027http://localhost:8787/modules/second/versions/second\u0027,\n  \u0027http://localhost:8787/modules/third/versions/third\u0027,\n]\n\nconst test = () =\u003e {\n  for (const example of examples) {\n    fetch(example)\n      .then((response) =\u003e response.json())\n      .then((data) =\u003e {\n        const splitted = example.split(\u0027/\u0027)\n        const expected = splitted[splitted.length - 1]\n\n        if (expected !== data.version) {\n          console.error(`Error: exprected ${expected} but got ${data.version} - url was ${example}`)\n        }\n      })\n  }\n}\n\ntest()\n```\n\nThe results:\n\n```txt\nError: exprected second but got third - url was http://localhost:8787/modules/second/versions/second\nError: exprected first but got third - url was http://localhost:8787/modules/first/versions/first\n```\n\n### Patches\n\n\"v3.11.7\" includes the change to fix this issue.\n\n### Workarounds\n\nDon\u0027t use TrieRouter directly.\n\n```ts\n// DON\u0027T USE TrieRouter\nimport { TrieRouter } from \u0027hono/router/trie-router\u0027\nconst app = new Hono({ router: new TrieRouter() })\n```\n\n### References\n\nRouter options on the Hono website: https://hono.dev/api/hono#router-option",
  "id": "GHSA-f6gv-hh8j-q8vq",
  "modified": "2023-12-15T02:45:54Z",
  "published": "2023-12-15T02:45:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50710"
    },
    {
      "type": "WEB",
      "url": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/honojs/hono"
    },
    {
      "type": "WEB",
      "url": "https://github.com/honojs/hono/releases/tag/v3.11.7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Named path parameters can be overridden in TrieRouter"
}

FKIE_CVE-2023-50710

Vulnerability from fkie_nvd - Published: 2023-12-14 18:15 - Updated: 2024-11-21 08:37

Severity ?

4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8	Patch
security-advisories@github.com	https://github.com/honojs/hono/releases/tag/v3.11.7	Release Notes
security-advisories@github.com	https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/honojs/hono/releases/tag/v3.11.7	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	hono	hono	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "74A7A157-DE4D-4445-9670-2EBF795FAB11",
              "versionEndExcluding": "3.11.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly."
    },
    {
      "lang": "es",
      "value": "Hono es un framework web escrito en TypeScript. Antes de la versi\u00f3n 3.11.7, los clientes pueden anular los valores de los par\u00e1metros de ruta con nombre de solicitudes anteriores si la aplicaci\u00f3n utiliza TrieRouter. Por lo tanto, existe el riesgo de que un usuario privilegiado utilice par\u00e1metros no deseados al eliminar recursos de la API REST. TrieRouter se usa expl\u00edcitamente o cuando la aplicaci\u00f3n coincide con un patr\u00f3n que no es compatible con el RegExpRouter predeterminado. La versi\u00f3n 3.11.7 incluye el cambio para solucionar este problema. Como workaround, evite utilizar TrieRouter directamente."
    }
  ],
  "id": "CVE-2023-50710",
  "lastModified": "2024-11-21T08:37:11.103",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 2.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-14T18:15:45.270",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/honojs/hono/releases/tag/v3.11.7"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/honojs/hono/releases/tag/v3.11.7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GSD-2023-50710

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-50710

Aliases

CVE-2023-50710

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-50710",
    "id": "GSD-2023-50710"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-50710"
      ],
      "details": "Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly.",
      "id": "GSD-2023-50710",
      "modified": "2023-12-13T01:20:31.316122Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-50710",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "hono",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 3.11.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "honojs"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-94",
                "lang": "eng",
                "value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq",
            "refsource": "MISC",
            "url": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq"
          },
          {
            "name": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8",
            "refsource": "MISC",
            "url": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8"
          },
          {
            "name": "https://github.com/honojs/hono/releases/tag/v3.11.7",
            "refsource": "MISC",
            "url": "https://github.com/honojs/hono/releases/tag/v3.11.7"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-f6gv-hh8j-q8vq",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*",
                    "matchCriteriaId": "74A7A157-DE4D-4445-9670-2EBF795FAB11",
                    "versionEndExcluding": "3.11.7",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly."
          },
          {
            "lang": "es",
            "value": "Hono es un framework web escrito en TypeScript. Antes de la versi\u00f3n 3.11.7, los clientes pueden anular los valores de los par\u00e1metros de ruta con nombre de solicitudes anteriores si la aplicaci\u00f3n utiliza TrieRouter. Por lo tanto, existe el riesgo de que un usuario privilegiado utilice par\u00e1metros no deseados al eliminar recursos de la API REST. TrieRouter se usa expl\u00edcitamente o cuando la aplicaci\u00f3n coincide con un patr\u00f3n que no es compatible con el RegExpRouter predeterminado. La versi\u00f3n 3.11.7 incluye el cambio para solucionar este problema. Como workaround, evite utilizar TrieRouter directamente."
          }
        ],
        "id": "CVE-2023-50710",
        "lastModified": "2023-12-19T19:44:37.647",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 1.4,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "exploitabilityScore": 1.6,
              "impactScore": 2.5,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-12-14T18:15:45.270",
        "references": [
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Patch"
            ],
            "url": "https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Release Notes"
            ],
            "url": "https://github.com/honojs/hono/releases/tag/v3.11.7"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Exploit",
              "Vendor Advisory"
            ],
            "url": "https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-94"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-50710 (GCVE-0-2023-50710)

GHSA-F6GV-HH8J-Q8VQ

Impact

Patches

Workarounds

References

FKIE_CVE-2023-50710

GSD-2023-50710

Tags

Sightings

Nomenclature