hono@2.7.8 vulnerabilities

Ultrafast web framework for the Edges

latest version

4.3.4
latest non vulnerable version

4.3.4
first published

2 years ago
latest version published

2 hours ago
View hono package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the hono package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Improper Control of Generation of Code ('Code Injection') hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') due to the use of `TrieRouter` or when matching patterns not supported by the default `RegExpRouter`. An attacker can influence the behavior of the application by injecting unintended parameters when deleting REST API resources. Note: This is only exploitable if a privileged user interacts with the application in a way that allows for parameter override. How to fix Improper Control of Generation of Code ('Code Injection')? Upgrade `hono` to version 3.11.7 or higher.	<3.11.7
M Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') such that when using `serveStatic` with deno, it is possible to traverse the directory where `main.ts` is located, leading to the retrieval of unexpected files. How to fix Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')? Upgrade `hono` to version 4.2.7 or higher.	<4.2.7
M Arbitrary Code Injection hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Arbitrary Code Injection via the `TrieRouter` process. An attacker can manipulate the path parameters to override named path parameter values from previous requests, potentially leading to unintended behavior or access to privileged operations. Note: This is only exploitable if the application uses `TrieRouter` explicitly or matches a pattern not supported by the default `RegExpRouter`. How to fix Arbitrary Code Injection? Upgrade `hono` to version 3.11.7 or higher.	<3.11.7

Go back to all versions of this package

hono@2.7.8 vulnerabilities

Ultrafast web framework for the Edges

latest version

latest non vulnerable version

first published

latest version published

Direct Vulnerabilities