CVE-2024-32869: Hono vulnerable to Restricted Directory Traversal in serveStatic with deno

April 23, 2024

When using serveStatic with deno, it is possible to directory traverse where main.ts is located.

My environment is configured as per this tutorial https://hono.dev/getting-started/deno

References

github.com/advisories/GHSA-3mpf-rcc7-5347
github.com/honojs/hono
github.com/honojs/hono/commit/92e65fbb6e5e7372650e7690dbd84938432d9e65
github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347
nvd.nist.gov/vuln/detail/CVE-2024-32869

Code Behaviors & Features

Detect and mitigate CVE-2024-32869 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →