CVE-2024-32869 MEDIUM

CVE-2024-32869: Hono vulnerable to Restricted Directory Traversal in serveStatic with deno

Vendor Honojs
Product hono
Weakness CWE-22 · Path traversal
Published April 23, 2024
Last update August 2, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where `main.ts` is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for the issue.

Key dates

02Disclosure timeline

April 23, 2024 CVE published
August 2, 2024 Record updated