CNNVD-202601-4454 Information

CNNVD ID

CNNVD-202601-4454

Related CVE

CVE-2026-24771

• CNNVD Published: 2026-01-27

Description (Chinese)

Hono是Hono社区的一个用 TypeScript 编写的 Web 框架。 Hono 4.11.7之前版本存在跨站脚本漏洞，该漏洞源于ErrorBoundary组件存在跨站脚本，可能导致执行任意脚本。

Description (English)

Hono is a web-based framework for the Hono community, developed by TypeScript. The pre-Hono 4.11.7 version had a cross-site script loophole, which stemmed from the presence of a cross-site script for the Error Boundary component, which could lead to the execution of any script.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Hono

Published

2026-01-27

Last Modified

2026-02-24

References

https://github.com/honojs/hono/commit/2cf60046d730df9fd0aba85178f3ecfe8212d990 https://github.com/honojs/hono/security/advisories/GHSA-9r54-q6cx-xmh5 https://access.redhat.com/security/cve/cve-2026-24771

Patch

https://github.com/honojs/hono/releases