cve/2024/CVE-2024-32652.md

### [CVE-2024-32652](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32652)
![](https://img.shields.io/static/v1?label=Product&message=node-server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%201.3.0%2C%20%3C%201.10.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-755%3A%20Improper%20Handling%20of%20Exceptional%20Conditions&color=brighgreen)

### Description

The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be parsed by the `URL` as a hostname such as an empty string, slashes `/`, and other strings. The version 1.10.1 includes the fix for this issue.

### POC

#### Reference
- https://github.com/honojs/node-server/issues/159
- https://github.com/honojs/node-server/issues/159

#### Github
No PoCs found on GitHub currently.