Hono

Hono

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7

CVE-2026-24771

  • EPSS 0.04%
  • Veröffentlicht 27.01.2026 19:41:33
  • Zuletzt bearbeitet 04.02.2026 15:28:20

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting (XSS) vulnerability exists in the `ErrorBoundary` component of the hono/jsx library. Under certain usage patterns, u...

5.3

CVE-2026-24473

  • EPSS 0.02%
  • Veröffentlicht 27.01.2026 19:37:52
  • Zuletzt bearbeitet 04.02.2026 15:30:35

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to rea...

5.3

CVE-2026-24472

  • EPSS 0.01%
  • Veröffentlicht 27.01.2026 19:34:33
  • Zuletzt bearbeitet 04.02.2026 15:32:14

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middlew...

6.5

CVE-2026-24398

  • EPSS 0.01%
  • Veröffentlicht 27.01.2026 19:06:42
  • Zuletzt bearbeitet 04.02.2026 15:34:58

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern and `convertIPv4ToBinary` func...

6.5

CVE-2026-22817

  • EPSS 0.02%
  • Veröffentlicht 13.01.2026 19:49:55
  • Zuletzt bearbeitet 20.01.2026 16:48:05

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the sele...

6.5

CVE-2026-22818

  • EPSS 0.02%
  • Veröffentlicht 13.01.2026 19:49:52
  • Zuletzt bearbeitet 20.01.2026 16:47:51

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verificatio...

8.1

CVE-2025-62610

Exploit
  • EPSS 0.04%
  • Veröffentlicht 22.10.2025 19:24:08
  • Zuletzt bearbeitet 04.02.2026 15:56:20

Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hono’s JWT Auth Middleware does not provide a built-in aud (Audience) verification option, which can cause confused-deputy ...

5.3

CVE-2025-59139

  • EPSS 0.14%
  • Veröffentlicht 12.09.2025 13:03:05
  • Zuletzt bearbeitet 17.09.2025 20:35:36

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the `bodyLimit` middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were pre...

7.5

CVE-2025-58362

  • EPSS 0.04%
  • Veröffentlicht 04.09.2025 23:56:13
  • Zuletzt bearbeitet 17.09.2025 20:35:24

Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs (e.g. Nginx lo...

5.9

CVE-2024-48913

Exploit
  • EPSS 0.13%
  • Veröffentlicht 15.10.2024 16:15:05
  • Zuletzt bearbeitet 17.09.2025 20:35:07

Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a req...