Rootingg

**Name of the Vulnerable Software and Affected Versions** Hono versions prior to 4.12.21 **Description** In the `app.mount()` function, the mount prefix is stripped from the incoming request path using the raw URL pathname, whereas route matching is conducted against the percent-decoded path. This inconsistency leads to the prefix being removed from the incorrect position when the path includes percent-encoded multi-byte characters, causing the mounted sub-application to receive an incorrect path. **Recommendations** Update to version 4.12.21.

**Name of the Vulnerable Software and Affected Versions** microlight.js version 0.0.7 **Description** A null pointer dereference issue was discovered in a lightweight syntax highlighting library. The library fails to validate the result of a regular expression match before accessing its properties when processing elements with non-standard CSS color values, leading to an uncaught TypeError and potential application crash. **Recommendations** For microlight.js version 0.0.7, consider updating to a newer version that addresses this issue, as the current version fails to properly handle non-standard CSS color values, leading to potential application crashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.