Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2026-24472

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 3 months, 3 weeks ago Activity log

Created suggestion 3 months, 3 weeks ago

Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as `Cache-Control: private` or `Cache-Control: no-store`, which may result in private or authenticated responses being cached and subsequently exposed to unauthorized users. Version 4.11.7 has a patch for the issue.

References

https://github.com/honojs/hono/security/advisories/GHSA-6wqw-2p9w-4vw4 x_refsource_CONFIRM
https://github.com/honojs/hono/commit/12c511745b3f1e7a3f863a23ce5f921c7fa805d1 x_refsource_MISC
https://github.com/honojs/hono/releases/tag/v4.11.7 x_refsource_MISC

Affected products

hono

==< 4.11.7

Matching in nixpkgs

pkgs.libsForQt5.phonon

Multimedia API for Qt

nixos-unstable 4.11.1
- nixpkgs-unstable 4.11.1
- nixos-unstable-small 4.11.1

pkgs.kdePackages.phonon

Multi-platform sound framework for application developers

nixos-unstable 4.12.0
- nixpkgs-unstable 4.12.0
- nixos-unstable-small 4.12.0

pkgs.kdePackages.phonon-vlc

VLC backend for the Phonon multimedia library

nixos-unstable 0.12.0
- nixpkgs-unstable 0.12.0
- nixos-unstable-small 0.12.0

pkgs.plasma5Packages.phonon

Multimedia API for Qt

nixos-unstable 4.11.1
- nixpkgs-unstable 4.11.1
- nixos-unstable-small 4.11.1

pkgs.python312Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-unstable 2.43.2
- nixpkgs-unstable 2.43.2
- nixos-unstable-small 2.43.2

pkgs.python313Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-unstable 2.43.2
- nixpkgs-unstable 2.43.2
- nixos-unstable-small 2.43.2

pkgs.libsForQt5.phonon-backend-vlc

GStreamer backend for Phonon

nixos-unstable 0.11.3
- nixpkgs-unstable 0.11.3
- nixos-unstable-small 0.11.3

pkgs.python312Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-unstable 7.8.1.1
- nixpkgs-unstable 7.8.1.1
- nixos-unstable-small 7.8.1.1

pkgs.python313Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-unstable 7.8.1.1
- nixpkgs-unstable 7.8.1.1
- nixos-unstable-small 7.8.1.1

pkgs.plasma5Packages.phonon-backend-vlc

GStreamer backend for Phonon

nixos-unstable 0.11.3
- nixpkgs-unstable 0.11.3
- nixos-unstable-small 0.11.3

pkgs.libsForQt5.phonon-backend-gstreamer

GStreamer backend for Phonon

nixos-unstable 4.10.0
- nixpkgs-unstable 4.10.0
- nixos-unstable-small 4.10.0

pkgs.plasma5Packages.phonon-backend-gstreamer

GStreamer backend for Phonon

nixos-unstable 4.10.0
- nixpkgs-unstable 4.10.0
- nixos-unstable-small 4.10.0

Package maintainers

@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@bkchr Bastian Köcher <nixos@kchr.de>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@FRidh Frederik Rietdijk <fridh@fridh.nl>
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
@NickCao Nick Cao <nickcao@nichi.co>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@K900 Ilya K. <me@0upti.me>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@CHN-beta Haonan Chen <chn@chn.moe>
@PsyanticY Psyanticy <iuns@outlook.fr>