{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T19:48:16.521","vulnerabilities":[{"cve":{"id":"CVE-2026-24771","sourceIdentifier":"security-advisories@github.com","published":"2026-01-27T20:16:24.337","lastModified":"2026-02-04T15:28:20.403","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting (XSS) vulnerability exists in the `ErrorBoundary` component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as raw HTML, allowing arbitrary script execution in the victim's browser. Version 4.11.7 patches the issue."},{"lang":"es","value":"Hono es un framework de aplicación web que proporciona soporte para cualquier tiempo de ejecución de JavaScript. Antes de la versión 4.11.7, existe una vulnerabilidad de Cross-Site Scripting (XSS) en el componente `ErrorBoundary` de la librería hono/jsx. Bajo ciertos patrones de uso, las cadenas no confiables controladas por el usuario pueden ser renderizadas como HTML sin procesar, permitiendo la ejecución arbitraria de scripts en el navegador de la víctima. La versión 4.11.7 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*","versionEndExcluding":"4.11.7","matchCriteriaId":"D0406A9F-E15B-452E-940A-ABF25EEAA871"}]}]}],"references":[{"url":"https://github.com/honojs/hono/commit/2cf60046d730df9fd0aba85178f3ecfe8212d990","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/honojs/hono/security/advisories/GHSA-9r54-q6cx-xmh5","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}