CNNVD-202510-2858 Information

CNNVD ID

CNNVD-202510-2858

Related CVE

CVE-2025-62610

• CNNVD Published: 2025-10-22

Description (Chinese)

Hono是Hono社区的一个用 TypeScript 编写的 Web 框架。 Hono 1.1.0版本至4.10.2之前版本存在授权问题漏洞，该漏洞源于JWT Auth Middleware缺少内置受众验证选项，可能导致令牌混淆和跨服务访问问题。

Description (English)

Hono is a web-based framework for the Hono community, developed by TypeScript. There is a mandate gap in the pre-Mono 1.1.0 to 4.10.2, which stems from the lack of built-in audience validation options in JWT Auth Middleware, which may lead to token confusion and cross-service access problems.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

Hono

Published

2025-10-22

Last Modified

2026-02-24

References

https://github.com/honojs/hono/commit/45ba3bf9e3dff8e4bd85d6b47d4b71c8d6c66bef https://github.com/honojs/hono/security/advisories/GHSA-m732-5p4w-x69g https://access.redhat.com/security/cve/cve-2025-62610

Patch

https://eclipse.dev/hono/