GHSA-Q5QW-H33P-QVWR Hono vulnerable to arbitrary file access via serveStatic vulnerability
Summary When using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without authorization. The router used decodeURI, while serveStatic used decodeURIComponent. This mismatch allowe...