Description

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through `import()` or `new Worker` might have been able to bypass network and file system permission checks when statically importing other modules. The vulnerability has been patched in Deno release 1.10.2.

Related CPE's

a

deno

deno

Vulnerable

References

https://github.com/denoland/deno/security/advisories/GHSA-xpwj-7v8q-mcgj

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-863

[email protected]

Secondary
CWE-285

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-05-28T21:15:08.893

4 years ago

Last modified

2022-08-05T12:36:58.143

2 years ago