Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2026-24472

created 1 month, 3 weeks ago

Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as `Cache-Control: private` or `Cache-Control: no-store`, which may result in private or authenticated responses being cached and subsequently exposed to unauthorized users. Version 4.11.7 has a patch for the issue.

References

https://github.com/honojs/hono/security/advisories/GHSA-6wqw-2p9w-4vw4 x_refsource_CONFIRM
https://github.com/honojs/hono/commit/12c511745b3f1e7a3f863a23ce5f921c7fa805d1 x_refsource_MISC
https://github.com/honojs/hono/releases/tag/v4.11.7 x_refsource_MISC

Affected products

hono

==< 4.11.7

Matching in nixpkgs

pkgs.libsForQt5.phonon

Multimedia API for Qt

nixos-unstable 4.11.1
- nixpkgs-unstable 4.11.1
- nixos-unstable-small 4.11.1

pkgs.kdePackages.phonon

Multi-platform sound framework for application developers

nixos-unstable 4.12.0
- nixpkgs-unstable 4.12.0
- nixos-unstable-small 4.12.0

pkgs.kdePackages.phonon-vlc

VLC backend for the Phonon multimedia library

nixos-unstable 0.12.0
- nixpkgs-unstable 0.12.0
- nixos-unstable-small 0.12.0

pkgs.plasma5Packages.phonon

Multimedia API for Qt

nixos-unstable 4.11.1
- nixpkgs-unstable 4.11.1
- nixos-unstable-small 4.11.1

pkgs.python312Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-unstable 2.43.2
- nixpkgs-unstable 2.43.2
- nixos-unstable-small 2.43.2

pkgs.python313Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-unstable 2.43.2
- nixpkgs-unstable 2.43.2
- nixos-unstable-small 2.43.2

pkgs.libsForQt5.phonon-backend-vlc

GStreamer backend for Phonon

nixos-unstable 0.11.3
- nixpkgs-unstable 0.11.3
- nixos-unstable-small 0.11.3

pkgs.python312Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-unstable 7.8.1.1
- nixpkgs-unstable 7.8.1.1
- nixos-unstable-small 7.8.1.1

pkgs.python313Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-unstable 7.8.1.1
- nixpkgs-unstable 7.8.1.1
- nixos-unstable-small 7.8.1.1

pkgs.plasma5Packages.phonon-backend-vlc

GStreamer backend for Phonon

nixos-unstable 0.11.3
- nixpkgs-unstable 0.11.3
- nixos-unstable-small 0.11.3

pkgs.libsForQt5.phonon-backend-gstreamer

GStreamer backend for Phonon

nixos-unstable 4.10.0
- nixpkgs-unstable 4.10.0
- nixos-unstable-small 4.10.0

pkgs.plasma5Packages.phonon-backend-gstreamer

GStreamer backend for Phonon

nixos-unstable 4.10.0
- nixpkgs-unstable 4.10.0
- nixos-unstable-small 4.10.0

Package maintainers

@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@bkchr Bastian Köcher <nixos@kchr.de>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@K900 Ilya K. <me@0upti.me>
@FRidh Frederik Rietdijk <fridh@fridh.nl>
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@NickCao Nick Cao <nickcao@nichi.co>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@PsyanticY Psyanticy <iuns@outlook.fr>
@CHN-beta Haonan Chen <chn@chn.moe>