578 matches found
ROOT-APP-NPM-CVE-2026-56761 CVE-2026-56761 in @rootio/hono - Patched by Root
Root has patched CVE-2026-56761 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44455 CVE-2026-44455 in @rootio/hono - Patched by Root
Root has patched CVE-2026-44455 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44458 CVE-2026-44458 in @rootio/hono - Patched by Root
Root has patched CVE-2026-44458 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-47675 CVE-2026-47675 in @rootio/hono - Patched by Root
Root has patched CVE-2026-47675 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44456 CVE-2026-44456 in @rootio/hono - Patched by Root
Root has patched CVE-2026-44456 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-47673 CVE-2026-47673 in @rootio/hono - Patched by Root
Root has patched CVE-2026-47673 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-47676 CVE-2026-47676 in @rootio/hono - Patched by Root
Root has patched CVE-2026-47676 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-54286 CVE-2026-54286 in @rootio/hono - Patched by Root
Root has patched CVE-2026-54286 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-47674 CVE-2026-47674 in @rootio/hono - Patched by Root
Root has patched CVE-2026-47674 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-54288 CVE-2026-54288 in @rootio/hono - Patched by Root
Root has patched CVE-2026-54288 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-54290 CVE-2026-54290 in @rootio/hono - Patched by Root
Root has patched CVE-2026-54290 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44457 CVE-2026-44457 in @rootio/hono - Patched by Root
Root has patched CVE-2026-44457 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
CVE-2026-56764 Hono - Timing Attack in basicAuth and bearerAuth Middleware
Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing...
EUVD-2026-44631
Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing...
CVE-2026-56763
Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...
EUVD-2026-43173
Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...
CVE-2026-56763
CVE-2026-56763 affects Hono prior to 4.12.7. The parseBody function with dot option enabled accepts proto in field names, allowing prototype pollution when parsed results are merged into regular objects via unsafe merge patterns. Impacted behavior includes modification of object prototypes and po...
CVE-2026-56763 Hono - Prototype Pollution via __proto__ Key in parseBody with dot Option
Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...
CVE-2026-56763 Hono - Prototype Pollution via __proto__ Key in parseBody with dot Option
Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...
CVE-2026-59896
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...