Loading...

Ready to See Your True Attack Surface?

Join thousands of security teams who trust ZeroVault to discover vulnerabilities before attackers do. Get started with a personalized demo.

Hono before 4.10.2 (fixed in 4.10.3) contains a flaw in its CORS middleware: when the origin is not set to "*", the middleware copies the Vary header from the incoming request into the response