3 matches found
CVE-2026-56763
CVE-2026-56763 affects Hono prior to 4.12.7. The parseBody function with dot option enabled accepts proto in field names, allowing prototype pollution when parsed results are merged into regular objects via unsafe merge patterns. Impacted behavior includes modification of object prototypes and po...
EUVD-2026-43173
Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...
Prototype Pollution
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Prototype Pollution in parseBody, when the dot option is enabled. An attacker can supply objects with proto properties, which may later be merged by other functions in the application,...