4 matches found
EUVD-2026-26917
A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...
Prototype Pollution
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Prototype Pollution in parseBody, when the dot option is enabled. An attacker can supply objects with proto properties, which may later be merged by other functions in the application,...
GHSA-V8W9-8MX6-G223 Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })
Summary When using parseBody dot: true in HonoRequest, specially crafted form field names such as proto.x could create objects containing a proto property. If the parsed result is later merged into regular JavaScript objects using unsafe merge patterns, this may lead to prototype pollution in the...
Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })
Summary When using parseBody dot: true in HonoRequest, specially crafted form field names such as proto.x could create objects containing a proto property. If the parsed result is later merged into regular JavaScript objects using unsafe merge patterns, this may lead to prototype pollution in the...