Количество 2
Количество 2
CVE-2026-39409
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction() does not canonicalize IPv4-mapped IPv6 client addresses (e.g. ::ffff:127.0.0.1) before applying IPv4 allow or deny rules. In environments such as Node.js dual-stack, this can cause IPv4 rules to fail to match, leading to unintended authorization behavior. This vulnerability is fixed in 4.12.12.
GHSA-xpcf-pg52-r92g
Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-39409 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction() does not canonicalize IPv4-mapped IPv6 client addresses (e.g. ::ffff:127.0.0.1) before applying IPv4 allow or deny rules. In environments such as Node.js dual-stack, this can cause IPv4 rules to fail to match, leading to unintended authorization behavior. This vulnerability is fixed in 4.12.12. | 0% Низкий | 3 дня назад | |
| GHSA-xpcf-pg52-r92g Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses | 0% Низкий | 4 дня назад |
Уязвимостей на страницу