9 matches found
PT-2026-48378
Name of the Vulnerable Software and Affected Versions yt-dlp versions 2023.09.24 through 2026.06.08 Description When curl is used as an external downloader, cookies may be leaked to an unintended host during an HTTP redirect or when the host for download fragments differs from the parent manifest...
PT-2026-48379
Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.06.09 Description A flaw allows a remote attacker to write arbitrary OS-shortcut files, such as .desktop, .url, and .webloc, to the user's filesystem. This occurs because the file extension allowlist used to preve...
JLSEC-2026-114 Deno node:crypto doesn't finalize cipher
Summary The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. PoC js import crypto from "node:crypto"; const key = crypto.randomBytes32; const iv =...
JLSEC-2026-99
Deno =1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory...
GHSA-5379-F5HF-W38V Deno node:crypto doesn't finalize cipher
Summary The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. PoC js import crypto from "node:crypto"; const key = crypto.randomBytes32; const iv =...
CVE-2024-27931
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect othe...
CVE-2023-28445
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the...
Deno 安全漏洞
Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. A security vulnerability exists in Deno version 1.34.0, denoruntime version 0.114.0, which stems from an incorrectly checked outbound HTTP request made using the...
Deno 安全漏洞
Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. A security vulnerability exists in Deno 1.8.0 and earlier versions that exploits a vulnerability that allows a malicious program to clear the first two lines of the...