Page 2 of 7 results (0.005 seconds)

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for `example[.]com` may be sent to `notexample[.]com`. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. Version 1.40.0 contains a patch for this issue Deno es un tiempo de ejecución de JavaScript, TypeScript y WebAssembly. • https://github.com/denoland/deno/blob/3f4639c330a31741b0efda2f93ebbb833f4f95bc/cli/auth_tokens.rs#L89 https://github.com/denoland/deno/commit/de23e3b60b066481cc390f459497d5bef42a899b https://github.com/denoland/deno/security/advisories/GHSA-5frw-4rwq-xhcr • CWE-20: Improper Input Validation •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in `Deno.makeTemp*` APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a `Deno.makeTemp*` API containing path traversal characters. This is fixed in Deno 1.41.1. • https://github.com/denoland/deno/security/advisories/GHSA-hrqr-jv8w-v9jh • CWE-20: Improper Input Validation •