Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Static imports inside dynamically imported modules do not adhere to permission checks
Vulnerability Description
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through `import()` or `new Worker` might have been able to bypass network and file system permission checks when statically importing other modules. The vulnerability has been patched in Deno release 1.10.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
授权机制不恰当
Vulnerability Title
Deno 授权问题漏洞
Vulnerability Description
Deno是开源的一个简单、现代且安全的JavaScript和 TypeScript运行环境。它使用 V8 并使用 Rust 构建。 Deno 1.5.0版本到1.10.1版本存在授权问题漏洞,该漏洞源于通过 import() 或 new Worker 动态导入的模块在静态导入其他模块时可能能够绕过网络和文件系统权限检查。
CVSS Information
N/A
Vulnerability Type
N/A