2 matches found
CVE-2023-33966 Deno missing "--allow-net" permission check for built-in Node modules
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...
CVE-2023-33966
Deno 1.34.0 and deno_runtime 0.114.0 allow outbound HTTP requests via built-in node:http/node:https without checking the network allow-list. This affects dependencies using these modules. The issue is patched in Deno v1.34.1 and deno_runtime 0.114.1; update all affected installations. Deno Deploy...