Description
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, Deno's `node:crypto` implementation does not finalize the cipher. The vulnerability allows an attacker to obtain an unlimited number of encryptions. This can lead to naive brute-force attempts, as well as more refined attacks aimed at learning the server's secrets. This vulnerability is fixed in 2.6.0.
References
https://github.com/denoland/deno/releases/tag/v2.6.0
Release Notes
https://github.com/denoland/deno/security/advisories/GHSA-5379-f5hf-w38v
Exploit, Vendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 · High
Information
Source identifier
Vulnerability status
Analyzed
Published
2026-01-15T23:15:51.767Z
Last modified
2026-01-21T14:35:52.730Z