Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Deno's improper suffix match testing for DENO_AUTH_TOKENS
Vulnerability Description
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for `example[.]com` may be sent to `notexample[.]com`. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. Version 1.40.0 contains a patch for this issue
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Deno 安全漏洞
Vulnerability Description
Deno是开源的一个简单、现代且安全的JavaScript和 TypeScript运行环境。它使用 V8 并使用 Rust 构建。 Deno v1.8.0到1.40.4版本存在安全漏洞,该漏洞源于Deno 不正确地检查导入说明符的主机名是否等于令牌主机名或其子级,导致令牌被发送到攻击者服务器。
CVSS Information
N/A
Vulnerability Type
N/A