CVE-2024-32869 Information

Description

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7 when using serveStatic with deno it is possible to traverse the directory where main.ts is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for the issue.

Reference

https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347 https://github.com/honojs/hono/commit/92e65fbb6e5e7372650e7690dbd84938432d9e65