{"source":1114170,"name":"@hono/node-server","dependency":"@hono/node-server","title":"@hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware","url":"https://github.com/advisories/GHSA-wc8c-qw6v-h7f6","severity":"high","versions":["0.2.0","0.2.1","0.2.2","0.2.3","0.2.4","0.3.0","0.4.0","0.5.0","0.5.1","0.6.0","1.0.0-rc.1","1.0.0","1.0.1","1.0.2","1.1.0","1.1.1","1.2.0","1.2.1","1.2.2","1.2.3","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.4.0","1.4.1","1.5.0","1.6.0","1.7.0","1.8.0","1.8.1","1.8.2","1.9.0","1.9.1","1.10.0","1.10.1","1.11.0","1.11.1","1.11.2","1.11.3","1.11.4","1.11.5","1.12.0","1.12.1","1.12.2","1.13.0","1.13.1","1.13.2","1.13.3","1.13.4","1.13.5","1.13.6","1.13.7","1.13.8","1.14.0","1.14.1","1.14.2","1.14.3","1.14.4","1.15.0","1.16.0","1.17.0","1.17.1","1.18.0","1.18.1","1.18.2","1.19.0","1.19.1","1.19.2","1.19.3","1.19.4","1.19.5","1.19.6","1.19.7","1.19.8","1.19.9","1.19.10","1.19.11","1.19.12","2.0.0-rc.1"],"vulnerableVersions":["0.2.0","0.2.1","0.2.2","0.2.3","0.2.4","0.3.0","0.4.0","0.5.0","0.5.1","0.6.0","1.0.0-rc.1","1.0.0","1.0.1","1.0.2","1.1.0","1.1.1","1.2.0","1.2.1","1.2.2","1.2.3","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.4.0","1.4.1","1.5.0","1.6.0","1.7.0","1.8.0","1.8.1","1.8.2","1.9.0","1.9.1","1.10.0","1.10.1","1.11.0","1.11.1","1.11.2","1.11.3","1.11.4","1.11.5","1.12.0","1.12.1","1.12.2","1.13.0","1.13.1","1.13.2","1.13.3","1.13.4","1.13.5","1.13.6","1.13.7","1.13.8","1.14.0","1.14.1","1.14.2","1.14.3","1.14.4","1.15.0","1.16.0","1.17.0","1.17.1","1.18.0","1.18.1","1.18.2","1.19.0","1.19.1","1.19.2","1.19.3","1.19.4","1.19.5","1.19.6","1.19.7","1.19.8","1.19.9"],"cwe":["CWE-863"],"cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},"range":"<1.19.10","id":"16jFLot36l6cmVexrPfvDDi75vxlgygVxRZ/l4CpFq3GPpn1vjTTATooMrxyrmBZb0PCHadOR0cCsUWLvT1frA=="}