Количество 2
Количество 2
CVE-2026-22864
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and therefore can be bypassed when the extension uses alternate casing (for example .BAT, .Bat, etc.). This vulnerability is fixed in 2.5.6.
GHSA-m3c4-prhw-mrx6
Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-22864 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and therefore can be bypassed when the extension uses alternate casing (for example .BAT, .Bat, etc.). This vulnerability is fixed in 2.5.6. | CVSS3: 8.1 | 0% Низкий | 24 дня назад |
| GHSA-m3c4-prhw-mrx6 Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass | CVSS3: 8.1 | 0% Низкий | 23 дня назад |
Уязвимостей на страницу