Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 2:58 a.m.3 views

CVE-2025-21620

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch redirect handling creates a follow-up redirect request that keeps the original...

7.5CVSS6.6AI score0.00504EPSS
Exploits0References1
NVD
NVD
added 2025/01/06 11:15 p.m.14 views

CVE-2025-21620

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch redirect handling creates a follow-up redirect request that keeps the original...

7.5CVSS0.00504EPSS
Exploits0References1
Circl
Circl
added 2025/01/06 10:28 p.m.8 views

CVE-2025-21620

creationtimestamp| type| source ---|---|--- 2025-01-06 22:28:57+00:00| seen| https://infosec.exchange/users/cve/statuses/113783769484392065 2025-01-06 22:36:55+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/260 2025-01-06 23:15:40+00:00| seen|...

7.5CVSS7.3AI score0.00504EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2025/01/06 10:27 p.m.6 views

deno (>=1.5.2 <=1.31.3), deno_runtime (>=0.1.0 <=0.107.0) +12 more potentially affected by CVE-2025-21620 via deno_fetch (>=0.100.0 <=0.18.0)

denofetch CARGO version =0.100.0, =1.5.2, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.7.0, =0.4.1, =0.4.1, =0.4.1, =0.4.1, =0.4.2 - zinniaruntime =0.0.3 Source cves: CVE-2025-21620 Source advisory: OSV:GHSA-F27P-CMV8-XHM6...

7.5CVSS7.1AI score0.00504EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/01/06 10:27 p.m.3 views

deno_cli (>=0.18.0-preview4 <=0.23.0), deno_cli_snapshots (>=0.0.3 <=0.19.0) +2 more potentially affected by CVE-2025-21620 via deno (>=0.15.0 <=0.6.0)

deno CARGO version =0.15.0, =0.18.0-preview4, =0.0.3, =0.0.1, =0.23.0 Source cves: CVE-2025-21620 Source advisory: OSV:GHSA-F27P-CMV8-XHM6...

7.5CVSS7.1AI score0.00504EPSS
Exploits0
Cvelist
Cvelist
added 2025/01/06 10:26 p.m.21 views

CVE-2025-21620 Deno's authorization headers not dropped when redirecting cross-origin

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch redirect handling creates a follow-up redirect request that keeps the original...

7.5CVSS0.00504EPSS
Exploits0References1
Rows per page
Query Builder