Lucene search
K

7 matches found

Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-59896 hono/jsx does not isolate context per request, leading to cross-request data disclosure

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS0.00191EPSS
Exploits0References3
CVE
CVE
added 5 days ago8 views

CVE-2026-59896

Hono/jsx in the Hono web framework exposes a cross-request data disclosure during server-side rendering. From version 4.11.8 up to, but not including, 4.12.27, context values created via createContext, useContext, jsxRenderer, or useRequestContext were not isolated per request and could be reused...

6.5CVSS5.9AI score0.00191EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Hono 注入漏洞

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.16 had an injection vulnerability. This vulnerability stemmed from improper handling of JSX element tag names in hono/jsx, allowing unvalidated tag names to be directly inserted into the generated...

6.1CVSS5.8AI score0.0014EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/06 11:49 p.m.11 views

hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection

Summary Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the programmatic jsx or createElement APIs during server-side rendering, specially crafted values may...

6.1CVSS5.7AI score0.0014EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/16 1:2 a.m.4 views

GHSA-458J-XX4X-4375 hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR

Summary Improper handling of JSX attribute names in hono/jsx allows malformed attribute keys to corrupt the generated HTML output. When untrusted input is used as attribute keys during server-side rendering, specially crafted keys can break out of attribute or tag boundaries and inject unintended...

4.3CVSS5.7AI score0.00174EPSS
Exploits0References2
OSV
OSV
added 2026/01/27 7:41 p.m.5 views

CVE-2026-24771 Hono has a Cross-site Scripting vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as...

4.7CVSS6AI score0.00298EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/27 7:41 p.m.3 views

CVE-2026-24771

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as...

4.7CVSS6AI score0.00298EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder