1 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:https` modules are incorrectly not checked against the network permission allow list (`--allow-net`). Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0 are unaffected. Deno Deploy users are unaffected. • https://github.com/denoland/deno/releases/tag/v1.34.1 https://github.com/denoland/deno/security/advisories/GHSA-vc52-gwm3-8v2f • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •