Vulnerabilities

 1 via 1 paths

Dependencies

 425

Source

 GitHub

Commit

 a2be9858

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Issue type
  • 1
  • 13
Severity
  • 14
Status
  • 14
  • 0
  • 0

medium severity
new

HTTP Request Smuggling

  • Vulnerable module: hono
  • Introduced through: hono@4.9.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d hono@4.9.6
    Remediation: Upgrade to hono@4.9.7.

Overview

hono is an Ultrafast web framework for the Edges

Affected versions of this package are vulnerable to HTTP Request Smuggling via the bodyLimit middleware when conflicting HTTP headers are present. An attacker can cause excessive memory or CPU consumption by sending oversized request bodies that bypass the configured size limit.

Note: This is exploitable if the deployment environment or runtime does not reject requests with both Content-Length and Transfer-Encoding: chunked headers.

Remediation

Upgrade hono to version 4.9.7 or higher.

References

HTTP Request Smuggling vulnerability report

medium severity

MPL-2.0 license

  • Module: @dehoist/romanize-thai
  • Introduced through: @dehoist/romanize-thai@1.0.0

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @dehoist/romanize-thai@1.0.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker-content
  • Introduced through: @ghostery/adblocker-electron-preload@2.11.6 and @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron-preload@2.11.6 @ghostery/adblocker-content@2.11.6
  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @ghostery/adblocker-content@2.11.6
  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker-electron-preload@2.11.6 @ghostery/adblocker-content@2.11.6

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker-electron
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker-electron-preload
  • Introduced through: @ghostery/adblocker-electron-preload@2.11.6 and @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron-preload@2.11.6
  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker-electron-preload@2.11.6

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker-extended-selectors
  • Introduced through: @ghostery/adblocker-electron-preload@2.11.6 and @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron-preload@2.11.6 @ghostery/adblocker-content@2.11.6 @ghostery/adblocker-extended-selectors@2.11.6
  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @ghostery/adblocker-extended-selectors@2.11.6
  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @ghostery/adblocker-content@2.11.6 @ghostery/adblocker-extended-selectors@2.11.6
  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker-electron-preload@2.11.6 @ghostery/adblocker-content@2.11.6 @ghostery/adblocker-extended-selectors@2.11.6

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/url-parser
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @ghostery/url-parser@1.3.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/guess-url-type
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @remusao/guess-url-type@2.1.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/small
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @remusao/small@2.1.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/smaz
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @remusao/smaz@2.2.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/smaz-compress
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @remusao/smaz@2.2.0 @remusao/smaz-compress@2.2.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/smaz-decompress
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @remusao/smaz@2.2.0 @remusao/smaz-decompress@2.2.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/trie
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @remusao/smaz@2.2.0 @remusao/smaz-compress@2.2.0 @remusao/trie@2.1.0

MPL-2.0 license

MPL-2.0 license vulnerability report