CNNVD-202601-4457 Information
CNNVD ID
CNNVD-202601-4457
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
Hono是Hono社区的一个用 TypeScript 编写的 Web 框架。 Hono 4.11.7之前版本存在安全漏洞,该漏洞源于Cloudflare Workers适配器的静态服务中间件存在信息泄露,可能导致攻击者从Workers环境中读取任意密钥。
Description (English)
Hono is a web-based framework for the Hono community, developed by TypeScript. Prior to Hono 4.11.7, there was a security loophole, which stemmed from the leaking of the static service intermediate of the Cloudflare Workers adaptor, which could lead the attackers to read any key from the Workers environment.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Hono
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/honojs/hono/commit/cf9a78db4d0a19b117aee399cbe9d3a6d9bfd817 https://github.com/honojs/hono/security/advisories/GHSA-w332-q679-j88p https://github.com/honojs/hono/releases/tag/v4.11.7 https://access.redhat.com/security/cve/cve-2026-24473
Patch
https://github.com/honojs/hono/releases
Share on: