CVE-2026-39406
- EPSS 0.02%
- Veröffentlicht 08.04.2026 14:34:30
- Zuletzt bearbeitet 21.04.2026 18:38:40
@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes (//) in the request path. When route-based middlew...
CVE-2026-29087
- EPSS 0.02%
- Veröffentlicht 06.03.2026 17:03:30
- Zuletzt bearbeitet 14.04.2026 17:36:58
@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections (e.g. protecting /admin/*), inconsistent URL decoding can ...
CVE-2024-32652
- EPSS 0.52%
- Veröffentlicht 19.04.2024 19:15:07
- Zuletzt bearbeitet 17.09.2025 20:33:36
The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be par...
CVE-2024-23340
- EPSS 0.25%
- Veröffentlicht 22.01.2024 23:15:08
- Zuletzt bearbeitet 21.11.2024 08:57:32
@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with `url` behavior that is unexpected. In the standard API, if the URL contains `..`, here called ...