GHSA-2GCR-MFCQ-WCC3 Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Summary app.mount strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the prefix to be stripped at the wrong position when the path contains percent-encoded multi-byte...

PT-2026-46843

Summary app.mount strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the prefix to be stripped at the wrong position when the path contains percent-encoded multi-byte...

CVE-2023-31461

Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability...

EUVD-2023-35767

Malicious code in bioql PyPI...

CVE-2023-31461

Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability...

CVE-2023-31461

Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability...

Path traversal

Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability...

PT-2023-23343 · Steelseries · Steelseries Gg

Name of the Vulnerable Software and Affected Versions: SteelSeries GG version 36.0.0 Description: The issue allows attackers to exploit an open API listener to create a sub-application that will be executed automatically from a controlled location, due to a path traversal vulnerability...