Nixpkgs Security Tracker

Dismissed

Permalink CVE-2026-24771

4.7 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

updated 1 month, 2 weeks ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 3 weeks ago
@LeSuisse removed
12 packages
- libsForQt5.phonon
- kdePackages.phonon
- kdePackages.phonon-vlc
- plasma5Packages.phonon
- python312Packages.phonopy
- python313Packages.phonopy
- libsForQt5.phonon-backend-vlc
- python312Packages.pythonocc-core
- python313Packages.pythonocc-core
- plasma5Packages.phonon-backend-vlc
- libsForQt5.phonon-backend-gstreamer
- plasma5Packages.phonon-backend-gstreamer
1 month, 2 weeks ago
@LeSuisse dismissed 1 month, 2 weeks ago

Hono has a Cross-site Scripting vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting (XSS) vulnerability exists in the `ErrorBoundary` component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as raw HTML, allowing arbitrary script execution in the victim's browser. Version 4.11.7 patches the issue.

References

https://github.com/honojs/hono/commit/2cf60046d730df9fd0aba85178f3ecfe8212d990 x_refsource_MISC
https://github.com/honojs/hono/security/advisories/GHSA-9r54-q6cx-xmh5 x_refsource_CONFIRM

Affected products

hono

==< 4.11.7

Not present in nixpkgs

Suggestion detail

References

Affected products