CNNVD-202601-4463 Information
CNNVD ID
CNNVD-202601-4463
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
Hono是Hono社区的一个用 TypeScript 编写的 Web 框架。 Hono 4.11.7之前版本存在代码问题漏洞,该漏洞源于缓存中间件存在信息泄露,可能导致私有或经过身份验证的响应被缓存并随后暴露给未经授权的用户。
Description (English)
Hono is a web-based framework for the Hono community, developed by TypeScript. Prior to the Hono 4.11.7 version, there was a code loophole, which stemmed from the leak of information in the cache intermediate, which could result in private or identity-certified responses being cached and subsequently exposed to unauthorized users.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Hono
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/honojs/hono/commit/12c511745b3f1e7a3f863a23ce5f921c7fa805d1 https://github.com/honojs/hono/security/advisories/GHSA-6wqw-2p9w-4vw4 https://github.com/honojs/hono/releases/tag/v4.11.7 https://access.redhat.com/security/cve/cve-2026-24472
Patch
https://github.com/honojs/hono/releases
Share on: