3 matches found
CVE-2026-54756
The CVE pertains to Jodit Editor (TypeScript WYSIWYG) where versions prior to 4.12.18 expose a Prototype Pollution risk via Jodit.configure(options) and internal ConfigMerge/ConfigProto, which may merge user-controlled options (e.g., under a plain-object option like controls) into Object.prototyp...
Hono security vulnerability
Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.18 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of the JWT NumericDate field in the hono/utils/jwt directory, allowing non-compliant declaration value...
NPM: Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage
NPM: Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage vulnerability discovered by ? in WordPress Npm hono versions 4.12.18...