13 matches found

NVD
added 2026/05/13 4:16 p.m. | 7 views

CVE-2026-44456

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit does not reliably enforce maxSize for requests without a usable Content-Length, e.g. Transfer-Encoding: chunked. Oversized requests can reach handlers and return 200 instead of 413. Th...

CVSS 6.5 | EPSS 0.00012
Exploits 0 | References 1

CVE
added 2026/05/13 2:58 p.m. | 9 views

CVE-2026-44456

CVE-2026-44456 affects hono; prior to version 4.12.16, bodyLimit() may fail to enforce maxSize for requests without Content-Length (e.g., Transfer-Encoding: chunked), allowing oversized requests to reach handlers and potentially return 200 instead of 413. The issue is resolved in 4.12.16. Affecte...

CVSS 6.5 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 1 | Affected Software 1

ATTACKERKB
added 2026/05/13 2:58 p.m. | 4 views

CVE-2026-44456

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit does not reliably enforce maxSize for requests without a usable Content-Length, e.g. Transfer-Encoding: chunked. Oversized requests can reach handlers and return 200 instead of 413. Th...

CVSS 6.5 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2026/05/06 11:50 p.m. | 7 views

NPM: Hono: bodyLimit() can be bypassed for chunked / unknown-length requests

NPM: Hono: bodyLimit can be bypassed for chunked / unknown-length requests vulnerability discovered by ? in WordPress Npm hono versions 4.12.16...

CVSS 6.5 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 3 | Affected Software 1

Positive Technologies
added 2026/05/06 12:0 a.m. | 6 views

PT-2026-38319

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.12.16. Description: The bodyLimit function does not reliably enforce the maxSize parameter for requests that lack a usable Content-Length, such as those using Transfer-Encoding: chunked. For these requests, the function...

CVSS 6.5 | AI score 5.9 | EPSS 0.00012
Exploits 0 | References 4

Cvelist
added 2025/11/26 11:0 p.m. | 6 views

CVE-2025-64331 Suricata is vulnerable to a stack overflow on large file transfers with http-body-printable

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the...

CVSS 7.5 | EPSS 0.00085
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-29042

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.3 | EPSS 0.00044
Exploits 0 | References 2

Github Security Blog
added 2025/09/12 9:12 p.m. | 13 views

Hono has Body Limit Middleware Bypass

Summary: A flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. Details: The middleware previously prioritized the Content-Length header even when a Transfer-Encoding: chunked header was also included. According to...

CVSS 5.3 | AI score 6.7 | EPSS 0.00044
Exploits 0 | References 4 | Affected Software 1

OSV
added 2025/09/12 9:12 p.m. | 3 views

GHSA-92VJ-G62V-JQHH Hono has Body Limit Middleware Bypass

Summary: A flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. Details: The middleware previously prioritized the Content-Length header even when a Transfer-Encoding: chunked header was also included. According to...

CVSS 5.3 | AI score 5.8 | EPSS 0.00044
Exploits 0 | References 4

Snyk
added 2025/09/12 1:42 p.m. | 3 views

HTTP Request Smuggling

Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to HTTP Request Smuggling via the bodyLimit middleware when conflicting HTTP headers are present. An attacker can cause excessive memory or CPU consumption by sending oversized request bodie...

CVSS 6.9 | AI score 6.7 | EPSS 0.00044
Exploits 0 | References 2

Cvelist
added 2025/09/12 1:3 p.m. | 7 views

CVE-2025-59139 Hono has Body Limit Middleware Bypass

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

CVSS 5.3 | EPSS 0.00044
Exploits 0 | References 2

Vulnrichment
added 2025/09/12 1:3 p.m. | 2 views

CVE-2025-59139 Hono has Body Limit Middleware Bypass

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

CVSS 5.3 | AI score 6.2 | EPSS 0.00044
Exploits 0 | References 2

OSV
added 2025/09/12 1:3 p.m. | 4 views

CVE-2025-59139 Hono has Body Limit Middleware Bypass

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

CVSS 5.3 | AI score 6.3 | EPSS 0.00044
Exploits 0 | References 4