Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses
Vulnerability Description
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction() does not canonicalize IPv4-mapped IPv6 client addresses (e.g. ::ffff:127.0.0.1) before applying IPv4 allow or deny rules. In environments such as Node.js dual-stack, this can cause IPv4 rules to fail to match, leading to unintended authorization behavior. This vulnerability is fixed in 4.12.12.
CVSS Information
N/A
Vulnerability Type
不正确的行为次序:规范化之前验证
Vulnerability Title
Hono 安全漏洞
Vulnerability Description
Hono是Hono社区的一个用 TypeScript 编写的 Web 框架。 Hono 4.12.12之前版本存在安全漏洞,该漏洞源于ipRestriction函数未规范化IPv4映射的IPv6客户端地址,可能导致IPv4规则匹配失败,引发意外授权行为。
CVSS Information
N/A
Vulnerability Type
N/A