Hono

Hono

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-29085

  • EPSS 0.05%
  • Veröffentlicht 04.03.2026 22:09:45
  • Zuletzt bearbeitet 06.03.2026 18:03:12

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE() in Streaming Helper, the event, id, and retry fields were not validated for carriage return (\r) or newline (\n) cha...

9.8

CVE-2026-29045

  • EPSS 0.04%
  • Veröffentlicht 04.03.2026 22:09:22
  • Zuletzt bearbeitet 06.03.2026 18:06:45

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections (e.g. app.use('/admin/*', ...)), inconsistent URL decoding allowed ...

5.4

CVE-2026-29086

  • EPSS 0.03%
  • Veröffentlicht 04.03.2026 22:09:01
  • Zuletzt bearbeitet 06.03.2026 18:00:25

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newline characters (\n) in the domain and path options w...

7.5

CVE-2026-27700

  • EPSS 0.02%
  • Veröffentlicht 25.02.2026 15:01:44
  • Zuletzt bearbeitet 02.03.2026 16:17:53

Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (`hono/aws-lambda`) behind an Application Load Balancer (ALB), the `getConnInfo()` function incorre...

4.7

CVE-2026-24771

  • EPSS 0.04%
  • Veröffentlicht 27.01.2026 19:41:33
  • Zuletzt bearbeitet 04.02.2026 15:28:20

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting (XSS) vulnerability exists in the `ErrorBoundary` component of the hono/jsx library. Under certain usage patterns, u...

5.3

CVE-2026-24473

  • EPSS 0.01%
  • Veröffentlicht 27.01.2026 19:37:52
  • Zuletzt bearbeitet 04.02.2026 15:30:35

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to rea...

5.3

CVE-2026-24472

  • EPSS 0.01%
  • Veröffentlicht 27.01.2026 19:34:33
  • Zuletzt bearbeitet 04.02.2026 15:32:14

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middlew...

6.5

CVE-2026-24398

  • EPSS 0.01%
  • Veröffentlicht 27.01.2026 19:06:42
  • Zuletzt bearbeitet 04.02.2026 15:34:58

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern and `convertIPv4ToBinary` func...

6.5

CVE-2026-22817

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 13.01.2026 19:49:55
  • Zuletzt bearbeitet 20.01.2026 16:48:05

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the sele...

6.5

CVE-2026-22818

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 13.01.2026 19:49:52
  • Zuletzt bearbeitet 20.01.2026 16:47:51

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verificatio...