CVE-2024-32869

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.2.7

Description The issue allows directory traversal when using serveStatic with deno, potentially resulting in the retrieval of unexpected files, including the contents of main.ts. This can occur because the serveStatic function does not properly restrict access to the directory where main.ts is located.

Recommendations For versions prior to 4.2.7, update to version 4.2.7 or later to resolve the issue. As a temporary workaround, consider disabling the use of serveStatic with deno until a patch is applied. Restrict access to sensitive files and directories to minimize the risk of exploitation. Avoid using the serveStatic function with deno in sensitive environments until the issue is resolved.