Lucene search
PRIOn knowledge basePRION:CVE-2023-33966HistoryMay 31, 2023 - 6:15 p.m.
Design/Logic Flaw
2023-05-3118:15:00
PRIOn knowledge base
www.prio-n.com
4
deno runtime
logic flaw
outbound http
node:http
node:https
network permission
vulnerability
patched
update
deno deploy
nvd
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list (--allow-net). Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0 are unaffected. Deno Deploy users are unaffected. This problem has been patched in Deno v1.34.1 and deno_runtime 0.114.1 and all users are recommended to update to this version. No workaround is available for this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| deno | eq | 1.34.0 | |
| deno_runtime | eq | 0.114.0 |
Related
nvd
nvd
CVE-2023-33966
2023-05-31 18:15:09
cvelist
cvelist
github
github
Missing "--allow-net" permission check for built-in Node modules
2023-05-31 23:39:40
osv
osv
CVE-2023-33966
2023-05-31 18:15:09
Missing "--allow-net" permission check for built-in Node modules
2023-05-31 23:39:40
cve
cve
CVE-2023-33966
2023-05-31 18:15:09