Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-rdyz-9auw-qufx
Vulnerability ID VCID-rdyz-9auw-qufx
Aliases CVE-2024-32869
GHSA-3mpf-rcc7-5347
Summary Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where `main.ts` is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for the issue.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.01668 https://api.first.org/data/v1/epss?cve=CVE-2024-32869
epss 0.01668 https://api.first.org/data/v1/epss?cve=CVE-2024-32869
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-3mpf-rcc7-5347
cvssv3.1 5.3 https://github.com/honojs/hono
generic_textual MODERATE https://github.com/honojs/hono
cvssv3.1 5.3 https://github.com/honojs/hono/commit/92e65fbb6e5e7372650e7690dbd84938432d9e65
generic_textual MODERATE https://github.com/honojs/hono/commit/92e65fbb6e5e7372650e7690dbd84938432d9e65
ssvc Track https://github.com/honojs/hono/commit/92e65fbb6e5e7372650e7690dbd84938432d9e65
cvssv3.1 5.3 https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347
cvssv3.1_qr MODERATE https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347
generic_textual MODERATE https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347
ssvc Track https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2024-32869
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-32869
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-32869
https://github.com/honojs/hono
92e65fbb6e5e7372650e7690dbd84938432d9e65 https://github.com/honojs/hono/commit/92e65fbb6e5e7372650e7690dbd84938432d9e65
CVE-2024-32869 https://nvd.nist.gov/vuln/detail/CVE-2024-32869
GHSA-3mpf-rcc7-5347 https://github.com/advisories/GHSA-3mpf-rcc7-5347
GHSA-3mpf-rcc7-5347 https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/honojs/hono
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/honojs/hono/commit/92e65fbb6e5e7372650e7690dbd84938432d9e65
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:47:56Z/ Found at https://github.com/honojs/hono/commit/92e65fbb6e5e7372650e7690dbd84938432d9e65
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:47:56Z/ Found at https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-32869
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.82507
EPSS Score 0.01668
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:41:42.049958+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2024/32xxx/CVE-2024-32869.json 38.6.0