medium severity
new
- Vulnerable module: hono
- Introduced through: hono@4.9.6
Detailed paths
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › hono@4.9.6
  Remediation: Upgrade to hono@4.9.7.
Overview
hono is an Ultrafast web framework for the Edges.
Affected versions of this package are vulnerable to HTTP Request Smuggling via the bodyLimit middleware when conflicting HTTP headers are present. An attacker can cause excessive memory or CPU consumption by sending oversized request bodies that bypass the configured size limit.
Note: This is exploitable if the deployment environment or runtime does not reject requests with both Content-Length and Transfer-Encoding: chunked headers.
Remediation
Upgrade hono to version 4.9.7 or higher.
medium severity
- Module: @dehoist/romanize-thai
- Introduced through: @dehoist/romanize-thai@1.0.0
Detailed paths
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @dehoist/romanize-thai@1.0.0
MPL-2.0 license
medium severity
- Module: @ghostery/adblocker
- Introduced through: @ghostery/adblocker-electron@2.11.6
Detailed paths
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6 › @ghostery/adblocker@2.11.6
MPL-2.0 license
medium severity
- Module: @ghostery/adblocker-content
- Introduced through: @ghostery/adblocker-electron-preload@2.11.6 and @ghostery/adblocker-electron@2.11.6
Detailed paths
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron-preload@2.11.6 › @ghostery/adblocker-content@2.11.6
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6 › @ghostery/adblocker@2.11.6 › @ghostery/adblocker-content@2.11.6
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6 › @ghostery/adblocker-electron-preload@2.11.6 › @ghostery/adblocker-content@2.11.6
MPL-2.0 license
medium severity
- Module: @ghostery/adblocker-electron
- Introduced through: @ghostery/adblocker-electron@2.11.6
Detailed paths
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6
MPL-2.0 license
medium severity
- Module: @ghostery/adblocker-electron-preload
- Introduced through: @ghostery/adblocker-electron-preload@2.11.6 and @ghostery/adblocker-electron@2.11.6
Detailed paths
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron-preload@2.11.6
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6 › @ghostery/adblocker-electron-preload@2.11.6
MPL-2.0 license
medium severity
- Module: @ghostery/adblocker-extended-selectors
- Introduced through: @ghostery/adblocker-electron-preload@2.11.6 and @ghostery/adblocker-electron@2.11.6
Detailed paths
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron-preload@2.11.6 › @ghostery/adblocker-content@2.11.6 › @ghostery/adblocker-extended-selectors@2.11.6
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6 › @ghostery/adblocker@2.11.6 › @ghostery/adblocker-extended-selectors@2.11.6
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6 › @ghostery/adblocker@2.11.6 › @ghostery/adblocker-content@2.11.6 › @ghostery/adblocker-extended-selectors@2.11.6
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6 › @ghostery/adblocker-electron-preload@2.11.6 › @ghostery/adblocker-content@2.11.6 › @ghostery/adblocker-extended-selectors@2.11.6
MPL-2.0 license
medium severity
- Module: @ghostery/url-parser
- Introduced through: @ghostery/adblocker-electron@2.11.6
Detailed paths
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6 › @ghostery/adblocker@2.11.6 › @ghostery/url-parser@1.3.0
MPL-2.0 license
medium severity
- Module: @remusao/guess-url-type
- Introduced through: @ghostery/adblocker-electron@2.11.6
Detailed paths
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6 › @ghostery/adblocker@2.11.6 › @remusao/guess-url-type@2.1.0
MPL-2.0 license
medium severity
- Module: @remusao/small
- Introduced through: @ghostery/adblocker-electron@2.11.6
Detailed paths
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6 › @ghostery/adblocker@2.11.6 › @remusao/small@2.1.0
MPL-2.0 license
medium severity
- Module: @remusao/smaz
- Introduced through: @ghostery/adblocker-electron@2.11.6
Detailed paths
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6 › @ghostery/adblocker@2.11.6 › @remusao/smaz@2.2.0
MPL-2.0 license
medium severity
- Module: @remusao/smaz-compress
- Introduced through: @ghostery/adblocker-electron@2.11.6
Detailed paths
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6 › @ghostery/adblocker@2.11.6 › @remusao/smaz@2.2.0 › @remusao/smaz-compress@2.2.0
MPL-2.0 license
medium severity
- Module: @remusao/smaz-decompress
- Introduced through: @ghostery/adblocker-electron@2.11.6
Detailed paths
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6 › @ghostery/adblocker@2.11.6 › @remusao/smaz@2.2.0 › @remusao/smaz-decompress@2.2.0
MPL-2.0 license
medium severity
- Module: @remusao/trie
- Introduced through: @ghostery/adblocker-electron@2.11.6
Detailed paths
- Introduced through: youtube-music@th-ch/youtube-music#a2be98588b0f9ec2e05f121600c9b9e757c23b2d › @ghostery/adblocker-electron@2.11.6 › @ghostery/adblocker@2.11.6 › @remusao/smaz@2.2.0 › @remusao/smaz-compress@2.2.0 › @remusao/trie@2.1.0
MPL-2.0 license