6 matches found
CVE-2025-21620
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch redirect handling creates a follow-up redirect request that keeps the original...
CVE-2025-21620
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch redirect handling creates a follow-up redirect request that keeps the original...
CVE-2025-21620
creationtimestamp| type| source ---|---|--- 2025-01-06 22:28:57+00:00| seen| https://infosec.exchange/users/cve/statuses/113783769484392065 2025-01-06 22:36:55+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/260 2025-01-06 23:15:40+00:00| seen|...
deno (>=1.5.2 <=1.31.3), deno_runtime (>=0.1.0 <=0.107.0) +12 more potentially affected by CVE-2025-21620 via deno_fetch (>=0.100.0 <=0.18.0)
denofetch CARGO version =0.100.0, =1.5.2, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.7.0, =0.4.1, =0.4.1, =0.4.1, =0.4.1, =0.4.2 - zinniaruntime =0.0.3 Source cves: CVE-2025-21620 Source advisory: OSV:GHSA-F27P-CMV8-XHM6...
deno_cli (>=0.18.0-preview4 <=0.23.0), deno_cli_snapshots (>=0.0.3 <=0.19.0) +2 more potentially affected by CVE-2025-21620 via deno (>=0.15.0 <=0.6.0)
deno CARGO version =0.15.0, =0.18.0-preview4, =0.0.3, =0.0.1, =0.23.0 Source cves: CVE-2025-21620 Source advisory: OSV:GHSA-F27P-CMV8-XHM6...
CVE-2025-21620 Deno's authorization headers not dropped when redirecting cross-origin
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch redirect handling creates a follow-up redirect request that keeps the original...