CVE-2024-48913
CVSS 3.1 Score 5.9 of 10 (medium)
Details
Summary
CVE-2024-48913 identifies a vulnerability in Hono, a web framework, in versions prior to 4.6.5. It allows the framework's cross-site request forgery (CSRF) protections to be bypassed when a request lacks a Content-Type header. The affected products include various versions of Hono-based applications denoted as 'zgnOF4', 'zg7EzZ', 'zgnOF5', 'zg7Eza', and 'zgFyu4'. The vulnerability is rated medium severity with an exploitability score of 1.6; exploitation over the network requires no privileges but does require user interaction. To remediate this issue, organizations are advised to upgrade to Hono version 4.6.5 or later, where this vulnerability has been addressed. If exploited, the integrity of sensitive operations may be compromised while the confidentiality impact remains low.
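The failure mode described above, as an added example that is not Hono's source code: a simplified guard that applies its Origin check only to form-like content types, compared with a version that treats a missing Content-Type as form-like. The function names, the regex and the sample requests are assumptions constructed for illustration.

```javascript
// Simplified model of a CSRF guard (assumed design, not the framework's code):
// the Origin check runs only for requests whose Content-Type looks like an HTML form post.
const FORM_LIKE = /^(application\/x-www-form-urlencoded|multipart\/form-data|text\/plain)\b/i;
const SAFE_METHODS = new Set(["GET", "HEAD"]);

// defaultContentType is the value used when the request carries no Content-Type header.
function makeGuard(defaultContentType) {
  return function allow(req, allowedOrigin) {
    if (SAFE_METHODS.has(req.method)) return true;
    const contentType = req.headers["content-type"] || defaultContentType;
    // Non-form content types are passed through without an Origin check.
    if (!FORM_LIKE.test(contentType)) return true;
    return req.headers["origin"] === allowedOrigin;
  };
}

// Weak: a missing header becomes "", which is not form-like, so the check is skipped.
const allowFlawed = makeGuard("");
// Corrected: a missing header is treated as text/plain, so the Origin check still runs.
const allowHardened = makeGuard("text/plain");

// Constructed sample requests (header names lowercased, as most servers expose them).
const APP_ORIGIN = "https://app.example";
const samples = {
  crossSiteNoContentType: { method: "POST", headers: { origin: "https://other.example" } },
  crossSiteForm: {
    method: "POST",
    headers: { origin: "https://other.example", "content-type": "application/x-www-form-urlencoded" },
  },
  sameSiteNoContentType: { method: "POST", headers: { origin: APP_ORIGIN } },
};

// Returns { sampleName: { flawed: bool, hardened: bool } } for side-by-side comparison.
function compareGuards() {
  const out = {};
  for (const [name, req] of Object.entries(samples)) {
    out[name] = { flawed: allowFlawed(req, APP_ORIGIN), hardened: allowHardened(req, APP_ORIGIN) };
  }
  return out;
}

console.log(compareGuards());
```

A regression test for an application on an affected version can assert the same thing at the HTTP layer: a state-changing request with a foreign Origin and no Content-Type must be rejected after the upgrade.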