Description
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import() or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. The vulnerability has been patched in Deno release 1.10.2.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 1.5.0 (inclusive) up to 1.10.2 (exclusive)
cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*
EPSS: 0.00363 (Low), percentile: 58%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-285
CWE-863
Related vulnerabilities
CVSS3: 9.8
github
more than 4 years ago
Deno's static imports inside dynamically imported modules do not adhere to permission checks