Imenyoo2

**Name of the Vulnerable Software and Affected Versions** Python-Multipart versions prior to 0.0.22 **Description** Python-Multipart is a streaming multipart parser for Python. A Path Traversal issue exists when using non-default configuration options `UPLOAD DIR` and `UPLOAD KEEP FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. The issue occurs because the library constructs the file path using `os.path.join()`, and if the filename begins with a '/', all preceding path components are discarded. This allows bypassing the intended upload directory and writing files to arbitrary paths. The vulnerability is only present if `UPLOAD DIR` is set, `UPLOAD KEEP FILENAME` is set to `True`, and the uploaded file exceeds `MAX MEMORY FILE SIZE`. **Recommendations** Upgrade to version 0.0.22. Alternatively, avoid using `UPLOAD KEEP FILENAME=True` in project configurations.

**Name of the Vulnerable Software and Affected Versions** Salvo versions prior to 0.88.1 **Description** Salvo is a Rust web backend framework. Prior to version 0.88.1, the `list html` function generates a file view of a folder, including a render of the current path. This path is inserted into the HTML without proper sanitation, leading to a reflected Cross-Site Scripting (XSS) issue. The request path is decoded and normalized during the matching stage but is inserted raw into the HTML view (`current.path`). The issue requires the root path (e.g., /files) to have a subdirectory (e.g., styles/scripts/etc.) to trigger the list HTML page instead of a Not Found page. **Recommendations** Versions prior to 0.88.1 should be updated to version 0.88.1 or later.

**Name of the Vulnerable Software and Affected Versions** Salvo versions prior to 0.88.1 **Description** Salvo is a Rust web backend framework. The `list html` function generates a file view of a folder without sanitizing file or folder names. This can lead to Cross-Site Scripting (XSS) if a website allows access to public files and anyone can upload files. The issue is exploitable through file uploads with malicious names. **Recommendations** Versions prior to 0.88.1 should be updated to version 0.88.1 or later.

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.9.7 Description: Hono is a Web application framework that provides support for any JavaScript runtime. A flaw in the `bodyLimit` middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the `Content-Length` header even when a `Transfer-Encoding: chunked` header was also included, which is a discrepancy with the HTTP specification. This could allow oversized request bodies to bypass the configured limit, potentially leading to denial of service (DoS) due to excessive memory or CPU consumption when handling very large requests. Recommendations: Upgrade to Hono version 4.9.7 or later.

**Name of the Vulnerable Software and Affected Versions** Hono versions 4.8.0 through 4.9.5 **Description** Hono is a Web application framework that provides support for any JavaScript runtime. A flaw exists in the `getPath` utility function that could allow path confusion and potential bypass of proxy-level ACLs. The original implementation relied on fixed character offsets when parsing request URLs, which could lead to incorrect path extraction with malformed absolute-form Request-URIs. This could allow unauthorized access to sensitive endpoints protected by proxy ACLs. **Recommendations** Update to version 4.9.6 or later.

Name of the Vulnerable Software and Affected Versions: Better Auth versions prior to 1.2.10 Description: An open redirect issue has been found in the originCheck middleware function of Better Auth, an authentication and authorization library for TypeScript. The affected routes include "/verify-email", "/reset-password/:token", "/delete-user/callback", "/magic-link/verify", and "/oauth-proxy-callback". Recommendations: For versions prior to 1.2.10, update to version 1.2.10 to resolve the issue. As a temporary workaround, consider restricting access to the affected routes until the update can be applied.