Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@hono/node-server has a middleware bypass via repeated slashes in serveStatic
Vulnerability Description
@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes (//) in the request path. When route-based middleware (e.g., /admin/*) is used for authorization, the router may not match paths containing repeated slashes, while serveStatic resolves them as normalized paths. This can lead to a middleware bypass. This vulnerability is fixed in 1.19.13.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Node.js Adapter for Hono 路径遍历漏洞
Vulnerability Description
Node.js Adapter for Hono是Hono开源的一个用于在Node.js上运行Hono应用的适配器。 Node.js Adapter for Hono 1.19.13之前版本存在路径遍历漏洞,该漏洞源于路径处理不一致,可能导致使用重复斜杠访问受保护的静态文件,从而绕过中间件。
CVSS Information
N/A
Vulnerability Type
N/A