Vulnerability	Vulnerable Version
M Cross-site Request Forgery (CSRF) hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the `csrf` function. An attacker can bypass CSRF protection by sending a request without a Content-Type header. How to fix Cross-site Request Forgery (CSRF)? Upgrade `hono` to version 4.6.5 or higher.	<4.6.5
L Cross-Site Request Forgery (CSRF) hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the `isRequestedByFormElementRe` function. An attacker can bypass CSRF protection by using a crafted Content-Type header with case manipulation. How to fix Cross-Site Request Forgery (CSRF)? Upgrade `hono` to version 4.5.8 or higher.	<4.5.8
M Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') such that when using `serveStatic` with deno, it is possible to traverse the directory where `main.ts` is located, leading to the retrieval of unexpected files. How to fix Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')? Upgrade `hono` to version 4.2.7 or higher.	<4.2.7

Go back to all versions of this package