Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hono has a middleware bypass via repeated slashes in serveStatic
Vulnerability Description
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes (//) in the request path. When route-based middleware (e.g., /admin/*) is used for authorization, the router may not match paths containing repeated slashes, while serveStatic resolves them as normalized paths. This can lead to a middleware bypass. This vulnerability is fixed in 4.12.12.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Hono 路径遍历漏洞
Vulnerability Description
Hono是Hono社区的一个用 TypeScript 编写的 Web 框架。 Hono 4.12.12之前版本存在路径遍历漏洞,该漏洞源于serveStatic路径处理不一致,可能导致使用重复斜杠访问受保护的静态文件,从而绕过中间件。
CVSS Information
N/A
Vulnerability Type
N/A