CVE-2023-50710

Name of the Vulnerable Software and Affected Versions Hono versions prior to 3.11.7

Description The issue allows clients to override named path parameter values from previous requests when the application is using TrieRouter. This poses a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter.

Recommendations For versions prior to 3.11.7, update to version 3.11.7 to fix the issue. As a temporary workaround, avoid using TrieRouter directly.