Vulnerabilidades em honojs
39 resultadosCVE-2024-32652HIGH@hono/node-server contains Denial of Service risk when receiving Host header that cannot be parsedEPSS 0.9%CVE-2024-23340MEDIUM@hono/node-server can't handle "double dots" in URLEPSS 0.7%CVE-2024-32869MEDIUMHono vulnerable to Restricted Directory Traversal in serveStatic with denoEPSS 0.6%CVE-2023-50710MEDIUMHono's named path parameters can be overridden in TrieRouterEPSS 0.6%CVE-2026-39408MEDIUMHono has a path traversal in toSSG() allows writing files outside the output directoryEPSS 0.5%CVE-2025-58362HIGHHono contains a flaw in URL path parsing, potentially leading to path confusionEPSS 0.5%CVE-2026-39407MEDIUMHono has a middleware bypass via repeated slashes in serveStaticEPSS 0.5%CVE-2026-24472MEDIUMHono cache middleware ignores "Cache-Control: private" leading to Web Cache DeceptionEPSS 0.5%CVE-2026-29045HIGHHono: Arbitrary file access via serveStatic vulnerabilityEPSS 0.4%CVE-2026-24473MEDIUMHono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)EPSS 0.4%CVE-2025-59139MEDIUMHono has Body Limit Middleware BypassEPSS 0.4%CVE-2026-39406MEDIUM@hono/node-server has a middleware bypass via repeated slashes in serveStaticEPSS 0.4%CVE-2025-62610HIGHHono Improperly Authorizes JWT Audience ValidationEPSS 0.4%CVE-2026-39409MEDIUMHono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addressesEPSS 0.3%CVE-2026-29087HIGH@hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static MiddlewareEPSS 0.3%CVE-2026-24398MEDIUMHono's IPv4 address validation bypass in IP Restriction Middleware allows IP spoofingEPSS 0.3%CVE-2024-48913MEDIUMHono vulnerable to bypass of CSRF Middleware by a request without Content-Type header.EPSS 0.3%CVE-2026-24771MEDIUMHono has a Cross-site Scripting vulnerabilityEPSS 0.3%CVE-2026-54286MEDIUMHono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)EPSS 0.3%CVE-2026-39410MEDIUMHono has a non-breaking space prefix bypass in cookie name handling in getCookie()EPSS 0.3%