Lucene search
K

62 matches found

NVD
NVD
added 2025/01/06 11:15 p.m.13 views

CVE-2025-21620

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch redirect handling creates a follow-up redirect request that keeps the original...

7.5CVSS0.00504EPSS
Exploits0References1
CVE
CVE
added 2025/01/06 10:26 p.m.53 views

CVE-2025-21620

CVE-2025-21620 affects Deno’s fetch() redirect handling: when an Authorization header is sent to one domain and the response redirects to another, the follow-up request preserves the header, potentially leaking it cross-origin. The issue is confirmed in Deno and is mitigated by upgrading to versi...

7.5CVSS7.4AI score0.00504EPSS
Exploits0References1
CVE
CVE
added 2024/11/25 6:44 p.m.56 views

CVE-2024-32468

Deno (Rust-based runtime) with deno_doc HTML generator vulnerabilities: XSS in generated search_index.js where innerHTML is used on unsanitized HTML, and XSS via un sanitized property, method, and enum names. This affects the deno_doc component and could enable Self-XSS when using deno doc --html...

5.4CVSS5.4AI score0.00325EPSS
Exploits0References2
OSV
OSV
added 2024/04/23 4:20 p.m.7 views

GHSA-3MPF-RCC7-5347 Hono vulnerable to Restricted Directory Traversal in serveStatic with deno

Summary When using serveStatic with deno, it is possible to directory traverse where main.ts is located. My environment is configured as per this tutorial https://hono.dev/getting-started/deno PoC bash $ tree . ├── deno.json ├── deno.lock ├── main.ts ├── README.md └── static └── a.txt source jsx...

5.3CVSS5.9AI score0.00642EPSS
Exploits1References4
NVD
NVD
added 2024/04/18 8:15 p.m.27 views

CVE-2024-32477

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between libc::tcflush0, libc::TCIFLUSH and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the...

7.7CVSS7.4AI score0.0034EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2024/03/22 4:17 a.m.3 views

SUSE CVE-2024-27933

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...

8.8CVSS7.6AI score0.02276EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/03/06 8:56 p.m.21 views

CVE-2024-27934 *const c_void / ExternalPointer unsoundness leading to use-after-free

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe const cvoid and ExternalPointer leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe...

8.4CVSS7.9AI score0.00392EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/03/06 8:56 p.m.49 views

CVE-2024-27934 *const c_void / ExternalPointer unsoundness leading to use-after-free

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe const cvoid and ExternalPointer leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe...

8.4CVSS9AI score0.00392EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/03/06 8:52 p.m.14 views

CVE-2024-27933 Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...

8.2CVSS7.6AI score0.02276EPSS
Exploits1References10
OSV
OSV
added 2024/03/06 8:52 p.m.28 views

CVE-2024-27933 Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...

8.2CVSS7.3AI score0.02276EPSS
Exploits1References12
OSV
OSV
added 2024/03/06 8:45 p.m.25 views

CVE-2024-27932 Deno's improper suffix match testing for DENO_AUTH_TOKENS

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An aut...

4.6CVSS6.8AI score0.00594EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/03/06 12:0 a.m.6 views

PT-2024-22148 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions 1.36.2 through 1.40.3 Description: The issue arises from the use of inherently unsafe const c void and ExternalPointer which leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. An...

8.8CVSS8AI score0.00392EPSS
Exploits1References6
OSV
OSV
added 2024/03/05 4:43 p.m.8 views

CVE-2024-27931 Insufficient permission checking in `Deno.makeTemp*` APIs

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect othe...

5.8CVSS5.7AI score0.00491EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/06/02 2:29 a.m.5 views

SUSE CVE-2023-33966

Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...

9.8CVSS6.9AI score0.00625EPSS
Exploits0References3
Prion
Prion
added 2023/05/31 6:15 p.m.24 views

Design/Logic Flaw

Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...

7.5CVSS9.4AI score0.00625EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2023/05/31 5:15 p.m.13 views

CVE-2023-33966 Deno missing "--allow-net" permission check for built-in Node modules

Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...

8.6CVSS9.4AI score0.00625EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/31 12:0 a.m.4 views

Deno 安全漏洞

Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. A security vulnerability exists in Deno version 1.34.0, denoruntime version 0.114.0, which stems from an incorrectly checked outbound HTTP request made using the...

9.8CVSS8.3AI score0.00625EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/04/13 12:0 a.m.5 views

The vulnerability of the execution environment for JavaScript and TypeScript Deno, related to the lack of measures to neutralize special control elements, allows a perpetrator to execute arbitrary code.

The vulnerability of the execution environment for JavaScript and TypeScript in Deno is related to the lack of measures to neutralize special control elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.3AI score0.01142EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.5 views

Eta 跨站脚本漏洞

Eta is Eta open source a lightweight , fast embedded JS template engine . Can run in Node, Deno and browser . A cross-site scripting vulnerability exists in Eta. An attacker could exploit this vulnerability to perform cross-site scripting attacks...

8.6CVSS6.8AI score0.00614EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/17 12:0 a.m.33 views

Deno 竞争条件问题漏洞

Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. Deno suffers from a Competing Conditions Issue vulnerability that arises when a multi-threaded program can spoof an interactive permission prompt by rewriting the...

7.5CVSS7.3AI score0.00601EPSS
Exploits1References3
Rows per page
Query Builder