5.3 MEDIUM
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): Passive (P)
- Vulnerable System Impact Confidentiality (VC): None (N)
- Vulnerable System Impact Integrity (VI): Low (L)
- Vulnerable System Impact Availability (VA): None (N)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Passive (P)
- Modified Vulnerable System Impact Confidentiality (MVC): None (N)
- Modified Vulnerable System Impact Integrity (MVI): Low (L)
- Modified Vulnerable System Impact Availability (MVA): None (N)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
hono - HTML Injection via Improper JSX Attribute Name Handling in SSR
hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag boundaries and inject arbitrary attributes or elements.
References
-
GitHub Security Advisory (GHSA-458j-xx4x-4375) vendor-advisory
Affected products
- <4.12.14
- ==4.12.14
Matching in nixpkgs
pkgs.libsForQt5.phonon
None
pkgs.kdePackages.phonon
Multi-platform sound framework for application developers
pkgs.kdePackages.phonon-vlc
VLC backend for the Phonon multimedia library
pkgs.plasma5Packages.phonon
None
pkgs.typstPackages.phonokit
A toolkit to create phonological representations
pkgs.python312Packages.phonopy
None
pkgs.python313Packages.phonopy
Modulefor phonon calculations at harmonic and quasi-harmonic levels
pkgs.python314Packages.phonopy
Modulefor phonon calculations at harmonic and quasi-harmonic levels
pkgs.typstPackages.phonokit_0_0_1
Phonology toolkit: IPA transcription (tipa-style), prosodic structures, vowel/consonant charts with language inventories
pkgs.typstPackages.phonokit_0_2_0
Create phonological representations
pkgs.typstPackages.phonokit_0_3_0
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_3_5
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_3_6
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_3_7
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_4_0
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_4_1
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_4_5
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_4_6
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_5_0
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_5_1
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_5_2
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_5_3
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_5_4
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_5_5
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_5_6
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_5_7
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_5_8
A toolkit to create phonological representations
pkgs.libsForQt5.phonon-backend-vlc
None
pkgs.python312Packages.pythonocc-core
None
pkgs.python313Packages.pythonocc-core
Python wrapper for the OpenCASCADE 3D modeling kernel
-
nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31
-
nixos-26.05 7.9.0-unstable-2025-12-31
- nixos-26.05-small 7.9.0-unstable-2025-12-31
- nixpkgs-26.05-darwin 7.9.0-unstable-2025-12-31
pkgs.python314Packages.pythonocc-core
Python wrapper for the OpenCASCADE 3D modeling kernel
-
nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31
-
nixos-26.05 7.9.0-unstable-2025-12-31
- nixos-26.05-small 7.9.0-unstable-2025-12-31
- nixpkgs-26.05-darwin 7.9.0-unstable-2025-12-31
pkgs.plasma5Packages.phonon-backend-vlc
None
pkgs.libsForQt5.phonon-backend-gstreamer
None
pkgs.plasma5Packages.phonon-backend-gstreamer
None
Package maintainers
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@bkchr Bastian Köcher <nixos@kchr.de>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@K900 Ilya K. <me@0upti.me>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@FRidh Frederik Rietdijk <fridh@fridh.nl>
-
@PsyanticY Psyanticy <iuns@outlook.fr>
-
@CHN-beta Haonan Chen <chn@chn.moe>
-
@cherrypiejam Gongqi Huang
-
@RossSmyth Ross Smyth