4 matches found
EUVD-2026-4774
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate...
CVE-2024-48913 Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header.
Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type header, Hono always considers a request without a Content-Type header to be safe. Th...
CVE-2024-48913
Hono (web framework) before version 4.6.5 is vulnerable to CSRF protection bypass: the csrf middleware treats a request without a Content-Type header as safe, allowing an attacker to bypass CSRF protection. Impact is limited to user actions guarded by CSRF middleware, with reported CVSS 5.9 (Me...
CVE-2023-50710
Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources...