518 matches found
CVE-2021-42139
Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...
Code injection
Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...
CVE-2021-42139
Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations...
CVE-2021-42139
The CVE-2021-42139 issue affects Deno Standard Modules prior to 0.107.0, where code execution can be injected via an untrusted YAML file in certain configurations. Affected component: Deno Standard Modules (before 0.107.0). Root cause: insecure handling of YAML input leading to code injection. Im...
Deno code injection vulnerability
Deno is an open-source, simple, modern and secure JavaScript and TypeScript runtime environment. It uses V8 and is built with Rust. A code injection vulnerability exists in Deno versions prior to 0.107.0, which stems from allowing code injection via untrusted YAML files in certain configurations...
GHSA-XPWJ-7V8Q-MCGJ Deno's static imports inside dynamically imported modules do not adhere to permission checks
Impact Modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. In Deno 1.5.x and 1.6.x only programs dynamically importing especially transitively untrusted code are...
Deno's static imports inside dynamically imported modules do not adhere to permission checks
Impact Modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. In Deno 1.5.x and 1.6.x only programs dynamically importing especially transitively untrusted code are...
CVE-2021-32619
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules...
CVE-2021-32619
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules...
Design/Logic Flaw
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules...
CVE-2021-32619
Summary: CVE-2021-32619 affects Deno runtimes 1.5.0–1.10.1. A vulnerability in modules dynamically imported via import() or new Worker could bypass network and file-system permission checks when statically importing other modules. Impact (as described): attackers controlling a module in a program...
CVE-2021-32619 Static imports inside dynamically imported modules do not adhere to permission checks
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules...
PT-2021-19811 · Deno · Deno
Name of the Vulnerable Software and Affected Versions: Deno versions 1.5.0 through 1.10.1 Description: The issue concerns modules dynamically imported through import or new Worker that might bypass network and file system permission checks when statically importing other modules. An attacker in...
Deno authorization issue vulnerability
Deno is an open-source, simple, modern and secure JavaScript and TypeScript runtime environment. It uses V8 and is built with Rust. An authorization issue vulnerability exists in Deno versions 1.5.0 through 1.10.1, which arises from the fact that modules dynamically imported via import or new...
Client TLS credentials sent raw to server in npm package nats
Nats is a Node.js client for the NATS messaging system. Problem Description Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The...
Sensitive data exposure in NATS
Overview Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The connection configuration options in these JavaScript-based implementatio...
GHSA-82RF-Q3PR-4F6P Sensitive data exposure in NATS
Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The connection configuration options in these JavaScript-based implementations were...
Sensitive data exposure in NATS
Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The connection configuration options in these JavaScript-based implementations were...