CVE-2024-32869 — Vulnetix

CVE-2024-32869 PUBLISHED CVSS 5.300000190734863 MEDIUM

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where `main.ts` is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for the issue.

EPSS 1.67% · 82.4th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

1.67%

82.4th percentile

Affected Products

Vendor	Product	Versions
hono	hono	*
honojs	hono	< 4.2.7
hono	hono	0
npm	hono	0

Timeline

Jan 21, 1970 Security Advisory
Apr 23, 2024 CVE Published
Apr 24, 2024 EPSS Score
May 19, 2024 EPSS Score
Jun 13, 2024 EPSS Score
Jul 8, 2024 EPSS Score
Aug 1, 2024 EPSS Score
Sep 20, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 14, 2024 EPSS Score
Nov 8, 2024 EPSS Score
Dec 3, 2024 EPSS Score

References

https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347 url
https://github.com/honojs/hono/commit/92e65fbb6e5e7372650e7690dbd84938432d9e65 url
https://nvd.nist.gov/vuln/detail/CVE-2024-32869 advisory
https://github.com/honojs/hono package

Open in Interactive Console →