4.12.27
4 years ago
11 days ago
Known vulnerabilities in the hono package. This does not include vulnerabilities belonging to this package’s dependencies.

| Vulnerability | Vulnerable Version |
|---|---|
| hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains in the CORS middleware. An attacker can access sensitive information and perform unauthorized actions by sending cross-origin requests with credentials from arbitrary origins. This is only exploitable if the application enables credentials and leaves the origin unset or set to the wildcard. How to fix Permissive Cross-domain Policy with Untrusted Domains? Upgrade | <4.12.25 |
| hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the AWS Lambda adapter's handling of multiple How to fix Improper Encoding or Escaping of Output? Upgrade | <4.12.25 |
| hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Directory Traversal via the How to fix Directory Traversal? Upgrade | <4.12.25 |
| hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard in the Lambda@Edge adapter that truncates repeated request headers. An attacker can bypass access restrictions or affect auditing mechanisms by sending repeated request headers, causing only the last value to be processed and earlier values to be ignored. How to fix Improperly Implemented Security Check for Standard? Upgrade | <4.12.25 |
| hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the Body Limit Middleware. An attacker can cause the application to process payloads larger than the configured maximum by understating the How to fix Insufficient Verification of Data Authenticity? Upgrade | <4.12.25 |