3 matches found
@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +591 more potentially affected by CVE-2026-47675 via hono (>=0.5.10 <=4.12.2)
hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-47675 Source advisory: OSV:GHSA-3HRH-PFW6-9M5X...
@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @agimon-ai/browse-tool (>=0.2.0 <=0.11.1) +310 more potentially affected by CVE-2026-47675 via hono (>=4.0.0 <=4.12.2)
hono NPM version =4.0.0, =0.1.8-fix.3, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =0.5.4 - @babylen/legion =0.1.7 and more Source cves: CVE-2026-47675 Source advisory: SNYK:JS-HONO-17055753...
CVE-2026-47675
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, \r, \n, but does not apply the same validation to sameSite an...