Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-24473

created 2 months, 2 weeks ago

Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment. Improper validation of user-controlled paths can result in unintended access to internal asset keys. Version 4.11.7 contains a patch for the issue.

References

https://github.com/honojs/hono/security/advisories/GHSA-w332-q679-j88p x_refsource_CONFIRM
https://github.com/honojs/hono/commit/cf9a78db4d0a19b117aee399cbe9d3a6d9bfd817 x_refsource_MISC
https://github.com/honojs/hono/releases/tag/v4.11.7 x_refsource_MISC

Affected products

hono

==< 4.11.7

Matching in nixpkgs

pkgs.libsForQt5.phonon

Multimedia API for Qt

nixos-unstable 4.11.1
- nixpkgs-unstable 4.11.1
- nixos-unstable-small 4.11.1
nixos-25.11 4.11.1
- nixpkgs-25.11-darwin 4.11.1

pkgs.kdePackages.phonon

Multi-platform sound framework for application developers

nixos-unstable 4.12.0
- nixpkgs-unstable 4.12.0
- nixos-unstable-small 4.12.0
nixos-25.11 4.12.0
- nixpkgs-25.11-darwin 4.12.0

pkgs.kdePackages.phonon-vlc

VLC backend for the Phonon multimedia library

nixos-unstable 0.12.0
- nixpkgs-unstable 0.12.0
- nixos-unstable-small 0.12.0
nixos-25.11 0.12.0
- nixpkgs-25.11-darwin 0.12.0

pkgs.plasma5Packages.phonon

Multimedia API for Qt

nixos-unstable 4.11.1
- nixpkgs-unstable 4.11.1
- nixos-unstable-small 4.11.1
nixos-25.11 4.11.1
- nixpkgs-25.11-darwin 4.11.1

pkgs.python312Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-unstable 2.38.2
- nixpkgs-unstable 2.38.2
- nixos-unstable-small 2.38.2
nixos-25.11 2.43.2
- nixpkgs-25.11-darwin 2.43.2

pkgs.python313Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-unstable 2.38.2
- nixpkgs-unstable 2.38.2
- nixos-unstable-small 2.38.2
nixos-25.11 2.43.2
- nixpkgs-25.11-darwin 2.43.2

pkgs.libsForQt5.phonon-backend-vlc

GStreamer backend for Phonon

nixos-unstable 0.11.3
- nixpkgs-unstable 0.11.3
- nixos-unstable-small 0.11.3
nixos-25.11 0.11.3
- nixpkgs-25.11-darwin 0.11.3

pkgs.python312Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-unstable 7.8.1.1
- nixpkgs-unstable 7.8.1.1
- nixos-unstable-small 7.8.1.1
nixos-25.11 7.8.1.1
- nixpkgs-25.11-darwin 7.8.1.1

pkgs.python313Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-unstable 7.8.1.1
- nixpkgs-unstable 7.8.1.1
- nixos-unstable-small 7.8.1.1
nixos-25.11 7.8.1.1
- nixpkgs-25.11-darwin 7.8.1.1

pkgs.plasma5Packages.phonon-backend-vlc

GStreamer backend for Phonon

nixos-unstable 0.11.3
- nixpkgs-unstable 0.11.3
- nixos-unstable-small 0.11.3
nixos-25.11 0.11.3
- nixpkgs-25.11-darwin 0.11.3

pkgs.libsForQt5.phonon-backend-gstreamer

GStreamer backend for Phonon

nixos-unstable 4.10.0
- nixpkgs-unstable 4.10.0
- nixos-unstable-small 4.10.0
nixos-25.11 4.10.0
- nixpkgs-25.11-darwin 4.10.0

pkgs.plasma5Packages.phonon-backend-gstreamer

GStreamer backend for Phonon

nixos-unstable 4.10.0
- nixpkgs-unstable 4.10.0
- nixos-unstable-small 4.10.0
nixos-25.11 4.10.0
- nixpkgs-25.11-darwin 4.10.0

Package maintainers

@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@K900 Ilya K. <me@0upti.me>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@NickCao Nick Cao <nickcao@nichi.co>
@PsyanticY Psyanticy <iuns@outlook.fr>
@CHN-beta Haonan Chen <chn@chn.moe>