x402 SDK vulnerable in outdated versions in resource servers for builders
- Severity:
- High
Description
There is a security vulnerability in outdated versions of the x402 SDK. This does not directly affect users’ keys, smart contracts, or funds.
This primarily impacts builders working on resource servers.
Recommendation
Update the x402-hono package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.5.2
- Patched version(s): 0.5.2
References
Related Issues
- tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript - CVE-2025-48939
- Potential DoS when using ContextLines integration (GHSA-r5w7-f542-q2j4) 8 - Vulnerability
- Potential DoS when using ContextLines integration (GHSA-r5w7-f542-q2j4) 7 - Vulnerability
- Potential DoS when using ContextLines integration (GHSA-r5w7-f542-q2j4) 6 - Vulnerability
- Tags:
- npm
- x402-hono
Anything's wrong? Let us know Last updated on August 20, 2025