CPE Details
Deno Land deno_runtime 0.114.0 for Rust
0.114.0
2023-09-29
09h33 +00:00
09h33 +00:00
2023-09-29
09h33 +00:00
09h33 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:deno:deno_runtime:0.114.0:*:*:*:*:rust:*:*
Informations
Vendor
denoProduct
deno_runtimeVersion
0.114.0Target Software
rustRelated CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to the program are based on the contents that contain the ANSI escape sequences. Any Deno program can spoof the content of the interactive permission prompt by inserting a broken ANSI code, which allows a malicious Deno program to display the wrong file path or program name to the user. Version 1.41.0 of the deno library contains a patch for the issue. | 8.8 |
Haute |
||
| Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:https` modules are incorrectly not checked against the network permission allow list (`--allow-net`). Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0 are unaffected. Deno Deploy users are unaffected. This problem has been patched in Deno v1.34.1 and deno_runtime 0.114.1 and all users are recommended to update to this version. No workaround is available for this issue. | 9.8 |
Critique |
