Lucene search
+L

45 matches found

nvd
nvd
added 2026/03/04 11:16 p.m.7 views

CVE-2026-29045

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without...

9.8CVSS0.00437EPSS
Exploits0References2
cvelist
cvelist
added 2026/03/04 10:9 p.m.25 views

CVE-2026-29045 Hono: Arbitrary file access via serveStatic vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without...

7.5CVSS0.00437EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/04 10:9 p.m.4 views

CVE-2026-29045 Hono: Arbitrary file access via serveStatic vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without...

7.5CVSS5.8AI score0.00437EPSS
Exploits0References2
osv
osv
added 2026/03/04 10:9 p.m.6 views

CVE-2026-29045 Hono: Arbitrary file access via serveStatic vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without...

7.5CVSS5.7AI score0.00437EPSS
Exploits0References4
euvd
euvd
added 2026/03/04 7:48 p.m.6 views

EUVD-2026-9506

Hono vulnerable to arbitrary file access via serveStatic vulnerability...

7.5CVSS6AI score0.00437EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/04 12:0 a.m.9 views

PT-2026-23075

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.4 Description Hono is a Web application framework supporting various JavaScript runtimes. An inconsistency in URL decoding between the router decodeURI and serveStatic decodeURIComponent allowed protected static...

9.8CVSS5.9AI score0.00437EPSS
Exploits0References176
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-1083

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00642EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0418

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00722EPSS
Exploits1References5
redhatcve
redhatcve
added 2025/05/23 8:39 a.m.4 views

CVE-2024-23340

@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...

5.3CVSS7AI score0.00722EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 8:35 a.m.5 views

CVE-2024-32869

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where main.ts is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for t...

5.3CVSS6.8AI score0.00642EPSS
Exploits1References1
veracode
veracode
added 2024/04/24 9:19 a.m.13 views

Path Traversal

Hono is vulnerable to Path Traversal. The vulnerability is caused due due to a lack of proper path validation when using serveStatic with Deno. This allows an attacker to access unintended files through directory traversal, potentially leading to unauthorized data exposure or manipulation...

5.3CVSS6.7AI score0.00642EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2024/04/23 9:15 p.m.31 views

CVE-2024-32869

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where main.ts is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for t...

5.3CVSS5.2AI score0.00642EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2024/04/23 8:20 p.m.9 views

CVE-2024-32869 Hono vulnerable to Restricted Directory Traversal in serveStatic with deno

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where main.ts is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for t...

5.3CVSS6.7AI score0.00642EPSS
Exploits1References2
cve
cve
added 2024/04/23 8:20 p.m.90 views

CVE-2024-32869

Hono CVE-2024-32869 involves a path traversal bug in serveStatic when used with Deno, allowing traversal of the directory containing main.ts and potential exposure of unintended files. Affected product: Hono web framework; vulnerable component: serveStatic middleware (Deno runtime path handling)....

5.3CVSS6.5AI score0.00642EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2024/04/23 8:20 p.m.40 views

CVE-2024-32869 Hono vulnerable to Restricted Directory Traversal in serveStatic with deno

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where main.ts is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for t...

5.3CVSS5.5AI score0.00642EPSS
Exploits1References2
github
github
added 2024/04/23 4:20 p.m.29 views

Hono vulnerable to Restricted Directory Traversal in serveStatic with deno

Summary When using serveStatic with deno, it is possible to directory traverse where main.ts is located. My environment is configured as per this tutorial https://hono.dev/getting-started/deno PoC bash $ tree . ├── deno.json ├── deno.lock ├── main.ts ├── README.md └── static └── a.txt source jsx...

5.3CVSS5.3AI score0.00642EPSS
Exploits1References4Affected Software1
ptsecurity
ptsecurity
added 2024/04/23 12:0 a.m.12 views

PT-2024-24924 · Hono +1 · Hono +1

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.2.7 Description: The issue allows directory traversal when using serveStatic with deno, potentially resulting in the retrieval of unexpected files, including the contents of main.ts. This can occur because the...

5.3CVSS7.1AI score0.00642EPSS
Exploits1References9
github
github
added 2024/01/23 2:42 p.m.53 views

@hono/node-server cannot handle "double dots" in URL

Impact Since v1.3.0, we use our own Request object. This is great, but the url behavior is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request will be in the resolved path. ts const req = new...

5.3CVSS7.4AI score0.00722EPSS
Exploits1References5Affected Software1
osv
osv
added 2024/01/23 2:42 p.m.26 views

GHSA-RJQ5-W47X-X359 @hono/node-server cannot handle "double dots" in URL

Impact Since v1.3.0, we use our own Request object. This is great, but the url behavior is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request will be in the resolved path. ts const req = new...

5.3CVSS5.6AI score0.00722EPSS
Exploits1References5
nvd
nvd
added 2024/01/22 11:15 p.m.14 views

CVE-2024-23340

@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...

5.3CVSS5.6AI score0.00722EPSS
Exploits1References3
Rows per page
Query Builder