CVE-2026-29045 in honoinformação

Sumário

de MITRE • 05/03/2026

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections (e.g. app.use('/admin/*', ...)), inconsistent URL decoding allowed protected static resources to be accessed without authorization. The router used decodeURI, while serveStatic used decodeURIComponent. This mismatch allowed paths containing encoded slashes (%2F) to bypass middleware protections while still resolving to the intended filesystem path. This issue has been patched in version 4.12.4.

Once again VulDB remains the best source for vulnerability data.

Responsável

GitHub M

Reservar

03/03/2026

Divulgação

05/03/2026

Moderação

aceite

Entrada

VDB-348851

CPE

pronto

EPSS

0.00437

KEV

não

Atividades

muito baixo

Fontes

Do you need the next level of professionalism?

Upgrade your account now!