Y0D3N

**Name of the Vulnerable Software and Affected Versions** Hono versions prior to 4.2.7 **Description** The issue allows directory traversal when using serveStatic with deno, potentially resulting in the retrieval of unexpected files, including the contents of `main.ts`. This can occur because the serveStatic function does not properly restrict access to the directory where `main.ts` is located. **Recommendations** For versions prior to 4.2.7, update to version 4.2.7 or later to resolve the issue. As a temporary workaround, consider disabling the use of serveStatic with deno until a patch is applied. Restrict access to sensitive files and directories to minimize the risk of exploitation. Avoid using the serveStatic function with deno in sensitive environments until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** HackMD CodiMD versions prior to 2.5.2 **Description** The issue is related to a Denial of Service. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 2.5.2, update to version 2.5.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cube versions prior to 0.34.34 **Description** The issue allows an attacker to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The problem has been patched in version 0.34.34. It is recommended that all users exposing Cube APIs to the public internet upgrade to the latest version to prevent service disruption. **Recommendations** For versions prior to 0.34.34, upgrade to version 0.34.34 or later to prevent service disruption. As a temporary workaround is not available for older versions, the recommendation is to upgrade to the latest version.