Lucene search
K

4 matches found

OSV
OSV
added 2026/06/16 7:4 p.m.5 views

GHSA-4C8G-JVCX-V4HV Deno: process.loadEnvFile() bypasses env permission checks and mutates process.env with only read access

Summary In Deno, environment access is gated by the env permission. You can deny it with --deny-env, or restrict it to a specific allowlist with --allow-env=FOO,BAR. The expectation is that a program running without env permission cannot change process.env. process.loadEnvFile the Node-compatible...

5.2CVSS5.4AI score0.00098EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50155

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.8.1 Description Environment access is managed by the env permission, which can be restricted via --deny-env or an allowlist using --allow-env=FOO,BAR. The process.loadEnvFile function, a Node-compatible API for loading...

5.2CVSS5.8AI score0.00098EPSS
Exploits0References6
OSV
OSV
added 2026/04/14 1:10 p.m.6 views

JLSEC-2026-110 Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables

Summary The Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false impression that variables listed in the option are impossible to read. PoC export...

6.9CVSS5.9AI score0.00359EPSS
Exploits1References8
AlpineLinux
AlpineLinux
added 2025/06/04 8:15 p.m.3 views

CVE-2025-48934

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false...

6.9CVSS7.3AI score0.00359EPSS
Exploits1References6
Rows per page
Query Builder