CVE-2024-43787

Summary

CVE-2024-43787 is a vulnerability in the Hono web application framework that allows attackers to bypass CSRF middleware due to case sensitivity issues with MIME types. Affected products include various versions of x-PQDB, x-PQDA, x-PxP7, x-PxP6, x-PIet, x-PIeu, x-PxP8, and x-PIev. The flaw arises because the function that checks for form-like MIME types only matches lowercase headers, thus enabling an attacker to exploit this discrepancy using upper-case MIME types. The vulnerability has been rated with a medium severity score of 5.0 and requires user interaction for exploitation, while its potential impact on confidentiality and integrity is considered low. Remediation is available in version 4.5.8 of the framework.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.