Lucene search
+L

67 matches found

AlpineLinux
AlpineLinux
added 2025/10/08 12:49 a.m.4 views

CVE-2025-61786

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user do not have explic...

3.3CVSS6.6AI score0.00182EPSS
Exploits1References5
OSV
OSV
added 2025/10/08 12:49 a.m.6 views

CVE-2025-61786 Deno's --deny-read check does not prevent permission bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user do not have explic...

3.3CVSS6.3AI score0.00182EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/10/08 12:0 a.m.7 views

PT-2025-41208

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.5.3 Deno versions prior to 2.2.15 Description Deno is a JavaScript, TypeScript, and WebAssembly runtime. The Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync functions are not limited by the...

3.3CVSS4.4AI score0.00184EPSS
Exploits1References13
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.8 views

Deno 安全漏洞

Deno is a simple, modern and secure JavaScript and TypeScript runtime environment from Deno Open Source. A security vulnerability exists in Deno versions prior to 2.5.3 and prior to 2.2.15, which stems from the fact that the utime and utimeSync methods are not constrained by the privilege model,...

3.3CVSS4.2AI score0.00184EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/10/08 12:0 a.m.9 views

PT-2025-41209

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.5.3 Deno versions prior to 2.2.15 Description Deno is a JavaScript, TypeScript, and WebAssembly runtime. The Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync functions do not enforce the --deny-read=./...

3.3CVSS6.4AI score0.00182EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2134

Malware in sbrugna...

9.8CVSS9AI score0.01113EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0943

Malicious code in bioql PyPI...

6.5CVSS5.9AI score0.00491EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-0507

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00601EPSS
Exploits1References5
OSV
OSV
added 2025/08/12 12:15 a.m.18 views

GHSA-R3V7-PC4G-7XP9 Oak Server has ReDoS in x-forwarded-proto and x-forwarded-for headers

Summary With specially crafted value of the x-forwarded-proto or x-forwarded-for headers, it's possible to significantly slow down an oak server. Vulnerable Code - https://github.com/oakserver/oak/blob/v17.1.5/request.tsL87 - https://github.com/oakserver/oak/blob/v17.1.5/request.tsL142 PoC - setu...

5.3CVSS7AI score0.00388EPSS
Exploits0References6
CVE
CVE
added 2025/08/09 1:29 a.m.49 views

CVE-2025-55152

CVE-2025-55152 affects the oak middleware (Deno/native HTTP stack) with vulnerable versions 17.1.5 and earlier. Public records describe a Regular Expression Denial of Service / DoS: using specially crafted values in the headers x-forwarded-proto or x-forwarded-for can cause substantial slowdown o...

5.3CVSS7.1AI score0.00388EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/06 7:17 p.m.15 views

CVE-2025-48888

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...

6.9CVSS7.1AI score0.00342EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2025/06/06 2:14 a.m.4 views

SUSE CVE-2025-48934

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false...

6.9CVSS7AI score0.00359EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/06/06 2:14 a.m.5 views

SUSE CVE-2025-48935

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using ATTACH DATABASE statement. Version 2.2.5 contains a patch for the issue...

9.1CVSS6.8AI score0.0041EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2025/06/04 9:18 p.m.3 views

deno (>=1.8.2 <=1.31.3), deno_3p_lib (=1.8.2) +2 more potentially affected by CVE-2025-48934 via deno_runtime (>=0.100.0 <=0.20.0)

denoruntime CARGO version =0.100.0, =1.8.2, =1.31.3 - deno3plib =1.8.2 - denoclilib =1.8.3 - vl-convert-rs =0.8.0 Source cves: CVE-2025-48934 Source advisory: OSV:GHSA-7W8P-CHXQ-2789...

6.9CVSS5.8AI score0.00359EPSS
Exploits1
NVD
NVD
added 2025/06/04 8:15 p.m.38 views

CVE-2025-48934

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false...

6.9CVSS0.00359EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/06/04 8:15 p.m.4 views

CVE-2025-48934

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false...

6.9CVSS7.3AI score0.00359EPSS
Exploits1References6
OSV
OSV
added 2025/06/04 7:31 p.m.4 views

CVE-2025-48935 Deno has --allow-read / --allow-write permission bypass in `node:sqlite`

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using ATTACH DATABASE statement. Version 2.2.5 contains a patch for the issue...

6.9CVSS6.5AI score0.0041EPSS
Exploits1References4
CVE
CVE
added 2025/06/04 7:21 p.m.69 views

CVE-2025-48934

CVE-2025-48934 affects Deno runtime prior to v2.1.13 and v2.2.13, where Deno.env.toObject() can reveal environment variables despite --deny-env, due to the reading of variables exempt from the deny filter. The issue allows code to access most environment variables via toObject, potentially leakin...

6.9CVSS6.5AI score0.00359EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/04 7:15 p.m.4 views

CVE-2025-48888 Deno run with --allow-read and --deny-read flags results in allowed

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...

6.9CVSS7AI score0.00342EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/06/04 7:15 p.m.3 views

CVE-2025-48888

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...

6.9CVSS7.2AI score0.00342EPSS
Exploits1References6
Rows per page
Query Builder