- EPSS 0.03%
- Published 22.08.2024 15:15:16
- Last modified 17.09.2025 20:34:47
Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using a crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As ...
- EPSS 0.39%
- Published 14.01.2021 23:15:13
- Last modified 21.11.2024 05:20:53
The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verify...
CVE-2020-27217
- EPSS 0.33%
- Published 13.11.2020 20:15:16
- Last modified 21.11.2024 05:20:52
In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indic...