EUVD-2025-29042

Malicious code in bioql PyPI...

EUVD-2023-2224

Malicious code in bioql PyPI...

EUVD-2025-6969

Malicious code in bioql PyPI...

CVE-2025-59139

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

GHSA-92VJ-G62V-JQHH Hono has Body Limit Middleware Bypass

Summary A flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. Details The middleware previously prioritized the Content-Length header even when a Transfer-Encoding: chunked header was also included. According to...

Hono has Body Limit Middleware Bypass

Summary A flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. Details The middleware previously prioritized the Content-Length header even when a Transfer-Encoding: chunked header was also included. According to...

CVE-2025-59139

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

HTTP Request Smuggling

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Request Smuggling via the bodyLimit middleware when conflicting HTTP headers are present. An attacker can cause excessive memory or CPU consumption by sending oversized request bodie...

CVE-2025-59139 Hono has Body Limit Middleware Bypass

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

CVE-2025-59139 Hono has Body Limit Middleware Bypass

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

CVE-2025-59139 Hono has Body Limit Middleware Bypass

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

CVE-2025-59139

CVE-2025-59139 affects the Hono web framework (pre-4.9.7). A flaw in the bodyLimit middleware allowed bypassing the configured request body size limit when conflicting headers were present, because Content-Length could be prioritized over Transfer-Encoding: chunked. The HTTP spec requires Transfe...

PT-2025-37316

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.9.7 Description: Hono is a Web application framework that provides support for any JavaScript runtime. A flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting...

Linux Distros Unpatched Vulnerability : CVE-2020-7659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request...

Linux Distros Unpatched Vulnerability : CVE-2021-33037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstance...

Security Bulletin: This vulnerability can lead to cache poisoning, data exposure, session manipulation, etc , which affects IBM watsonx.data

Summary Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning...

Linux Distros Unpatched Vulnerability : CVE-2020-1944

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content...

Linux Distros Unpatched Vulnerability : CVE-2021-21299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hyper is an open-source HTTP library for Rust crates.io. In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can...

Linux Distros Unpatched Vulnerability : CVE-2023-47641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the...

Linux Distros Unpatched Vulnerability : CVE-2024-47220

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a...