2 matches found
CRLF Injection
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to CRLF Injection via the writeSSE function when untrusted input containing carriage return or newline characters is passed to the event, id, or retry fields. An attacker can inject addition...
CVE-2026-29085 Hono: SSE Control Field Injection via CR/LF in writeSSE()
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE in Streaming Helper, the event, id, and retry fields were not validated for carriage return \r or newline \n characters. Because the SSE protocol uses line breaks as...