CVE-2023-50710

CVE-2023-50710 is a medium-severity vulnerability in Hono with a CVSS 3.x base score of 4.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-94.

Key facts

Description

Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly.

Frequently asked questions

What is CVE-2023-50710?
Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. As a workaround, avoid using TrieRouter directly.
How severe is CVE-2023-50710?
CVE-2023-50710 has a CVSS 3.x base score of 4.2, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and user interaction. Impact on confidentiality is none, integrity low, and availability low.
Is CVE-2023-50710 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (46th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2023-50710?
CVE-2023-50710 affects Hono. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2023-50710?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2023-50710 published?
CVE-2023-50710 was published on 2023-12-14 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Hono

All CVEs affecting Hono →

Other CWE-94 (Code Injection) vulnerabilities

Browse all CWE-94 (Code Injection) vulnerabilities →