While working on the kandan project, I scanned the dependency manifest and found that it uses a vulnerable version of hono. The scan revealed a cookie handling issue where inconsistencies in cookie name parsing can allow attacker-controlled cookies to bypass validation, potentially leading to session fixation or hijacking.
CVE Report
CVE link