Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Deno missing "--allow-net" permission check for built-in Node modules
Vulnerability Description
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:https` modules are incorrectly not checked against the network permission allow list (`--allow-net`). Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0 are unaffected. Deno Deploy users are unaffected. This problem has been patched in Deno v1.34.1 and deno_runtime 0.114.1 and all users are recommended to update to this version. No workaround is available for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Vulnerability Type
特权管理不恰当
Vulnerability Title
Deno 安全漏洞
Vulnerability Description
Deno是开源的一个简单、现代且安全的JavaScript和 TypeScript运行环境。它使用 V8 并使用 Rust 构建。 Deno 1.34.0版本、 deno_runtime 0.114.0版本存在安全漏洞,该漏洞源于对使用内置node:http或node:https模块发出的出站 HTTP 请求未根据网络权限设置进行错误检查。
CVSS Information
N/A
Vulnerability Type
N/A