hono 4.12.20

Direct Vulnerabilities

Known vulnerabilities in the hono package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Incorrect Regular Expression hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Incorrect Regular Expression via the `ip-restriction` middleware. An attacker can bypass configured deny rules for IPv6 addresses by submitting non-canonical representations, such as compressed or explicit-zero forms, causing the rule to be skipped. How to fix Incorrect Regular Expression? Upgrade `hono` to version 4.12.21 or higher.	<4.12.21
M HTTP Response Splitting hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Response Splitting via the `serialize` function. An attacker can inject arbitrary attributes into the Set-Cookie response header by supplying crafted input to the `sameSite` or `priority` options. How to fix HTTP Response Splitting? Upgrade `hono` to version 4.12.21 or higher.	<4.12.21
M Improper Authorization hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Authorization via the `jwt` middleware when the Authorization header uses any scheme, not just Bearer. An attacker can gain unauthorized access by presenting a valid JWT under a non-Bearer scheme identifier. How to fix Improper Authorization? Upgrade `hono` to version 4.12.21 or higher.	<4.12.21
M HTTP Request Smuggling hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Request Smuggling via the `app.mount` function. An attacker can access unintended routes or resources by sending requests with percent-encoded multi-byte characters in the URL path, leading to incorrect routing. How to fix HTTP Request Smuggling? Upgrade `hono` to version 4.12.21 or higher.	<4.12.21

Vulnerability

Vulnerable Version

Incorrect Regular Expression

hono is an Ultrafast web framework for the Edges

Affected versions of this package are vulnerable to Incorrect Regular Expression via the ip-restriction middleware. An attacker can bypass configured deny rules for IPv6 addresses by submitting non-canonical representations, such as compressed or explicit-zero forms, causing the rule to be skipped.

How to fix Incorrect Regular Expression?

Upgrade hono to version 4.12.21 or higher.

<4.12.21

HTTP Response Splitting

hono is an Ultrafast web framework for the Edges

Affected versions of this package are vulnerable to HTTP Response Splitting via the serialize function. An attacker can inject arbitrary attributes into the Set-Cookie response header by supplying crafted input to the sameSite or priority options.

How to fix HTTP Response Splitting?

Upgrade hono to version 4.12.21 or higher.

<4.12.21

Improper Authorization

hono is an Ultrafast web framework for the Edges

Affected versions of this package are vulnerable to Improper Authorization via the jwt middleware when the Authorization header uses any scheme, not just Bearer. An attacker can gain unauthorized access by presenting a valid JWT under a non-Bearer scheme identifier.

How to fix Improper Authorization?

Upgrade hono to version 4.12.21 or higher.

<4.12.21

HTTP Request Smuggling

hono is an Ultrafast web framework for the Edges

Affected versions of this package are vulnerable to HTTP Request Smuggling via the app.mount function. An attacker can access unintended routes or resources by sending requests with percent-encoded multi-byte characters in the URL path, leading to incorrect routing.

How to fix HTTP Request Smuggling?

Upgrade hono to version 4.12.21 or higher.

<4.12.21

hono@4.12.20

Web framework built on Web Standards

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically