Severity: High (Appsec H4)
`bun audit` found 6 vulnerabilities:
- High: `@hono/node-server` (<1.19.10) — authorization bypass via encoded slashes
- High: `express-rate-limit` (>=8.2.0 <8.2.2) — IPv4-mapped IPv6 bypass
- High: `hono` (<4.12.4) — arbitrary file access via serveStatic
- Moderate: `esbuild` (<=0.24.2) — dev server request exposure
- Moderate: `hono` (<4.12.4) — cookie attribute injection, SSE control field injection
Currently on Hono 4.12.3, needs ≥4.12.4.
Recommendation: `bun update` to upgrade all affected packages.
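
A post-upgrade check, added here as an example (not part of the original finding or of any project's code): it tests resolved package versions against the affected ranges listed above and reports anything still inside one. The `installed` map and all function names are assumptions, and apart from Hono 4.12.3 the sample versions are constructed.

```javascript
// Affected ranges copied from the audit findings above.
const ADVISORIES = [
  { pkg: "@hono/node-server", range: "<1.19.10", severity: "high" },
  { pkg: "express-rate-limit", range: ">=8.2.0 <8.2.2", severity: "high" },
  { pkg: "hono", range: "<4.12.4", severity: "high/moderate" },
  { pkg: "esbuild", range: "<=0.24.2", severity: "moderate" },
];

// Parse "1.2.3" into [1, 2, 3]. Simplification: pre-release/build suffixes are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric, not lexical: 1.19.9 must sort below 1.19.10.
function compare(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// A range is a space-separated AND of comparators, e.g. ">=8.2.0 <8.2.2".
function inRange(version, range) {
  return range.trim().split(/\s+/).every((c) => {
    const m = /^(<=|>=|<|>|=)?(.+)$/.exec(c);
    const cmp = compare(version, m[2]);
    switch (m[1] || "=") {
      case "<": return cmp < 0;
      case "<=": return cmp <= 0;
      case ">": return cmp > 0;
      case ">=": return cmp >= 0;
      default: return cmp === 0;
    }
  });
}

// installed: { packageName: resolvedVersion }, e.g. read from the lockfile.
function stillVulnerable(installed) {
  return ADVISORIES
    .filter((a) => a.pkg in installed && inRange(installed[a.pkg], a.range))
    .map((a) => `${a.pkg}@${installed[a.pkg]} matches ${a.range} (${a.severity})`);
}

// Constructed sample: only hono 4.12.3 comes from the finding.
const sample = { hono: "4.12.3", "@hono/node-server": "1.19.10", "express-rate-limit": "8.2.2", esbuild: "0.25.0" };
console.log(stillVulnerable(sample));
```

An empty result means none of the listed packages resolve inside an affected range; re-running `bun audit` remains the authoritative check.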