CNNVD-202509-1790 Information
CNNVD ID
CNNVD-202509-1790
Related CVE
-
CNNVD Published: 2025-09-12
Description (Chinese)
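Hono is a web framework written in TypeScript by the Hono community. Versions of Hono before 4.9.7 contain a security vulnerability that stems from the bodyLimit middleware prioritizing the Content-Length header when handling conflicting HTTP headers, which can allow the request body size limit to be bypassed and lead to a denial-of-service attack.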
Description (English)
Hono is a web framework from the Hono community, written in TypeScript. A security vulnerability exists in versions of Hono before 4.9.7: when handling conflicting HTTP headers, the bodyLimit middleware gives priority to the Content-Length header, which can allow the request body size limit to be bypassed and thus trigger a denial-of-service attack.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Hono
Published
2025-09-12
Last Modified
2026-02-24
References
https://github.com/honojs/hono/commit/605c70560b52f13af10379f79b76717042fafe8d
https://github.com/honojs/hono/security/advisories/GHSA-92vj-g62v-jqhh
https://access.redhat.com/security/cve/cve-2025-59139
Patch
https://github.com/honojs/hono/releases