PT-2025-37316 · Hono · Hono

Imenyoo2 +1 · Published 2025-09-12 · Updated 2025-09-17 · CVE-2025-59139

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.9.7
Description: Hono is a Web application framework that provides support for any JavaScript runtime. A flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the Content-Length header even when a Transfer-Encoding: chunked header was also included, which is a discrepancy with the HTTP specification. This could allow oversized request bodies to bypass the configured limit, potentially leading to denial of service (DoS) due to excessive memory or CPU consumption when handling very large requests.
Recommendations: Upgrade to Hono version 4.9.7 or later.
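
The header precedence problem described above, as an added example that is not Hono's source code: a length-first size check beside a framing-aware one, both run over a constructed request. The function names, the 1 KiB limit and the sample headers are assumptions made for illustration.

```javascript
// Added illustration; not Hono's source. All names here are hypothetical.

// Flawed precedence described in the advisory: a declared Content-Length
// is trusted even though Transfer-Encoding is also present.
function lengthFirstCheck(headers, chunks, maxSize) {
  if (headers.has('content-length')) {
    return Number(headers.get('content-length')) > maxSize ? 413 : 200;
  }
  return countedCheck(chunks, maxSize);
}

// Hardened precedence: Transfer-Encoding overrides Content-Length
// (RFC 9112, section 6.3), so such bodies are always measured.
function framingAwareCheck(headers, chunks, maxSize) {
  if (headers.has('transfer-encoding')) return countedCheck(chunks, maxSize);
  const declared = headers.get('content-length');
  if (declared === null) return countedCheck(chunks, maxSize);
  if (!/^\d+$/.test(declared)) return 400; // malformed or repeated length
  return Number(declared) > maxSize ? 413 : 200;
}

// Count bytes as they arrive and stop as soon as the limit is crossed,
// so an oversized body is never buffered in full.
function countedCheck(chunks, maxSize) {
  let seen = 0;
  for (const chunk of chunks) {
    seen += chunk.byteLength;
    if (seen > maxSize) return 413;
  }
  return 200;
}

// Constructed sample: 1 KiB limit, body delivered as four 512-byte chunks.
const MAX = 1024;
const body = () => Array.from({ length: 4 }, () => new Uint8Array(512));
const conflicting = new Headers({ 'Content-Length': '10', 'Transfer-Encoding': 'chunked' });
const honest = new Headers({ 'Content-Length': '2048' });

console.log('length-first, conflicting headers:', lengthFirstCheck(conflicting, body(), MAX));
console.log('framing-aware, conflicting headers:', framingAwareCheck(conflicting, body(), MAX));
console.log('framing-aware, honest length:', framingAwareCheck(honest, body(), MAX));
```
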

Exploit

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2025-59139
GHSA-92VJ-G62V-JQHH

Affected Products

Hono