Lucene search
K

238 matches found

Cvelist
Cvelist
added 2025/09/12 1:3 p.m.9 views

CVE-2025-59139 Hono has Body Limit Middleware Bypass

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

5.3CVSS0.00416EPSS
Exploits0References2
CVE
CVE
added 2025/09/12 1:3 p.m.31 views

CVE-2025-59139

CVE-2025-59139 affects the Hono web framework (pre-4.9.7). A flaw in the bodyLimit middleware allowed bypassing the configured request body size limit when conflicting headers were present, because Content-Length could be prioritized over Transfer-Encoding: chunked. The HTTP spec requires Transfe...

5.3CVSS6.2AI score0.00416EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/09/12 1:3 p.m.5 views

CVE-2025-59139 Hono has Body Limit Middleware Bypass

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

5.3CVSS6.3AI score0.00416EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/12 12:0 a.m.5 views

Hono 安全漏洞

Hono is a web framework written in TypeScript from the Hono community. A security vulnerability exists in Hono versions prior to 4.9.7, which stems from the bodyLimit middleware prioritizing the Content-Length header when handling conflicting HTTP headers, which could lead to a denial of service...

5.3CVSS6.2AI score0.00416EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/07 12:45 a.m.8 views

CVE-2025-58362

Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References1
NVD
NVD
added 2025/09/05 12:15 a.m.6 views

CVE-2025-58362

Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...

7.5CVSS0.00498EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.7 views

Hono 安全漏洞

Hono is a web framework written in TypeScript from the Hono community. A security vulnerability exists in Hono 4.9.5 and earlier versions, which stems from an error in the path resolution of the getPath function and could lead to bypassing proxy ACLs...

7.5CVSS6.3AI score0.00498EPSS
Exploits0References3
OSV
OSV
added 2025/09/04 11:56 p.m.5 views

CVE-2025-58362 Hono contains a flaw in URL path parsing, potentially leading to path confusion

Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...

7.5CVSS6.3AI score0.00498EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/04 11:56 p.m.2 views

CVE-2025-58362 Hono contains a flaw in URL path parsing, potentially leading to path confusion

Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...

7.5CVSS6AI score0.00498EPSS
Exploits0References3
Snyk
Snyk
added 2025/09/03 9:30 p.m.2 views

Use of Incorrectly-Resolved Name or Reference

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the getPath function in the utils/url.ts file. An attacker can gain unauthorized access to protected endpoints by sending specially craft...

8.7CVSS6.9AI score0.00498EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:45 a.m.19 views

CVE-2024-48913

Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery CSRF middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. Th...

5.9CVSS7AI score0.00304EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 6:29 a.m.11 views

CVE-2024-43787

Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, attacker can bypass csrf middleware...

5CVSS6.7AI score0.00231EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:35 a.m.10 views

CVE-2023-50710

Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources...

4.3CVSS6.7AI score0.00638EPSS
Exploits1References1
OSV
OSV
added 2024/10/15 5:43 p.m.4 views

GHSA-2234-FMW7-43WR Hono allows bypass of CSRF Middleware by a request without Content-Type header.

Summary Bypass CSRF Middleware by a request without Content-Type herader. Details Although the csrf middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe...

5.9CVSS5.8AI score0.00304EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.5 views

Hono 跨站请求伪造漏洞

Hono is a web framework written in TypeScript from the Hono community. A cross-site request forgery vulnerability exists in Hono prior to version 4.6.5, which stems from a lack of cross-site request forgery checks...

5.9CVSS6.5AI score0.00304EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.4 views

Hono 安全漏洞

Hono is a web framework written in TypeScript from the Hono community. A security vulnerability exists in Hono versions prior to 4.5.8, which stems from the ability to bypass CSRF middleware using a specially crafted Content-Type header...

5CVSS6.4AI score0.00231EPSS
Exploits1References4
OSV
OSV
added 2024/04/23 4:20 p.m.6 views

GHSA-3MPF-RCC7-5347 Hono vulnerable to Restricted Directory Traversal in serveStatic with deno

Summary When using serveStatic with deno, it is possible to directory traverse where main.ts is located. My environment is configured as per this tutorial https://hono.dev/getting-started/deno PoC bash $ tree . ├── deno.json ├── deno.lock ├── main.ts ├── README.md └── static └── a.txt source jsx...

5.3CVSS5.9AI score0.00642EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/04/23 12:0 a.m.6 views

Hono 安全漏洞

Hono is a web framework written in TypeScript from the Hono community. A security vulnerability exists in Hono versions prior to 4.2.7, which stems from using serveStatic with deno to traverse the directory where main.ts is located, potentially retrieving unexpected files...

5.3CVSS6.7AI score0.00642EPSS
Exploits1References3
Rows per page
Query Builder