Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware
Vulnerability Description
@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections (e.g. protecting /admin/*), inconsistent URL decoding can allow protected static resources to be accessed without authorization. In particular, paths containing encoded slashes (%2F) may be evaluated differently by routing/middleware matching versus static file path resolution, enabling a bypass where middleware does not run but the static file is still served. This issue has been patched in version 1.19.10.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
Node.js Adapter for Hono 安全漏洞
Vulnerability Description
Node.js Adapter for Hono是Hono开源的一个用于在Node.js上运行Hono应用的适配器。 Node.js Adapter for Hono 1.19.10之前版本存在安全漏洞,该漏洞源于URL解码不一致,可能导致绕过中间件保护访问静态资源。
CVSS Information
N/A
Vulnerability Type
N/A