Deno Security Vulnerabilities and Issues — Deno CVE List

Lucene search

DenoDeno

9 matches found

CVE•added 2024/06/06 4:15 p.m.•210 views

CVE-2024-37150

An issue in .npmrc support in Deno 1.44.0 was discovered where Deno would send .npmrc credentials for the scope to the tarball URL when the registry provided URLs for a tarball on a different domain. All users relying on .npmrc are potentially affected by this vulnerability if their private registr...

7.6CVSS6.8AI score0.00219EPSS

CVE•added 2024/03/21 2:52 a.m.•85 views

CVE-2024-27933

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in op_node_ipc_pipe() leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node child_p...

8.8CVSS8.4AI score0.00016EPSS

CVE•added 2024/03/05 5:15 p.m.•70 views

CVE-2024-27931

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp* APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other...

6.5CVSS5.5AI score0.00245EPSS

CVE•added 2024/03/21 2:52 a.m.•68 views

CVE-2024-27936

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request conte...

8.8CVSS8.6AI score0.0052EPSS

CVE•added 2024/03/21 2:52 a.m.•66 views

CVE-2024-27935

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or ...

8.3CVSS7.2AI score0.00234EPSS

CVE•added 2024/03/21 2:52 a.m.•64 views

CVE-2024-27934

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe *const c_void and ExternalPointer leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe *...

8.8CVSS8.8AI score0.00288EPSS

CVE•added 2024/04/18 8:15 p.m.•55 views

CVE-2024-32477

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between libc::tcflush(0, libc::TCIFLUSH) and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the u...

7.7CVSS6.6AI score0.00019EPSS

CVE•added 2024/03/21 2:52 a.m.•54 views

CVE-2024-27932

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth ...

4.6CVSS4.6AI score0.00609EPSS

CVE•added 2024/05/07 9:15 p.m.•51 views

CVE-2024-34346

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access equival...

8.4CVSS6.9AI score0.00035EPSS