@hono/node-server@1.3.0 vulnerabilities

Node.js Adapter for Hono

Direct Vulnerabilities

Known vulnerabilities in the @hono/node-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Improper Handling of Exceptional Conditions

@hono/node-server is a Node.js Adapter for Hono

Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the newRequest() function in listener.ts, which fails with ERR_INVALID_URL on invalid Host: header values, including empty string and /. This allows attackers to trigger denial of service.

Note: The maintainers recommend upgrading to 1.11.0 to fix all issues related to this vulnerability.

How to fix Improper Handling of Exceptional Conditions?

Upgrade @hono/node-server to version 1.10.1 or higher.

Vulnerable versions: >=1.3.0 <1.10.1
  • M
Path Traversal

Affected versions of this package are vulnerable to Path Traversal via the serveStatic function. An attacker can access restricted directories on the server by crafting a URL that includes directory traversal characters such as "..".

Note: Modern web browsers and recent versions of the curl command resolve double dots on the client side, so you are not affected when requests come from those clients. However, problems may occur if the server is accessed by a client that does not resolve them.

How to fix Path Traversal?

Upgrade @hono/node-server to version 1.4.1 or higher.

Vulnerable versions: >=1.3.0 <1.4.1
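
For the Improper Handling of Exceptional Conditions issue above, the following is an added example, not code from @hono/node-server: a simplified stand-in for building a request URL from the Host: header, next to a hardened variant that validates the header and turns parse failures into a 400 result. The function names, the HOST_RE pattern and the result shape are assumptions made for illustration.

```javascript
// Added example; not the @hono/node-server implementation.

// Simplified stand-in for the failure mode: an invalid Host value makes
// new URL() throw a TypeError (code ERR_INVALID_URL in Node.js). If nothing
// catches it, the exception escapes the request listener.
function naiveRequestUrl(hostHeader, rawPath) {
  return new URL(`http://${hostHeader}${rawPath}`);
}

// Assumed, deliberately conservative Host syntax: a hostname or IPv4 address,
// or a bracketed IPv6 literal, with an optional port.
const HOST_RE =
  /^(?:[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?|\[[0-9a-f:.]+\])(?::\d{1,5})?$/i;

// Hardened variant: never throws, always returns a result object that the
// caller maps to a normal response or a 400 Bad Request.
function safeRequestUrl(hostHeader, rawPath) {
  // Validate first. A try/catch alone is not enough: the URL parser skips
  // extra slashes, so "http://" + "" + "/foo" parses with host "foo"
  // instead of failing.
  if (typeof hostHeader !== 'string' || !HOST_RE.test(hostHeader)) {
    return { ok: false, status: 400, reason: 'invalid Host header' };
  }
  if (typeof rawPath !== 'string' || !rawPath.startsWith('/')) {
    return { ok: false, status: 400, reason: 'invalid request target' };
  }
  try {
    return { ok: true, url: new URL(`http://${hostHeader}${rawPath}`) };
  } catch (err) {
    // Reached by values that pass the pattern but are still rejected by
    // the parser, such as a port above 65535.
    return { ok: false, status: 400, reason: 'unparseable URL' };
  }
}

// Constructed sample Host values, including the two named in the advisory.
for (const host of ['', '/', 'example.com:99999', 'localhost:3000']) {
  const result = safeRequestUrl(host, '/');
  console.log(JSON.stringify(host), '->',
    result.ok ? result.url.href : `${result.status} ${result.reason}`);
}
```
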