Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass
Vulnerability Description
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and therefore can be bypassed when the extension uses alternate casing (for example .BAT, .Bat, etc.). This vulnerability is fixed in 2.5.6.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Deno 命令注入漏洞
Vulnerability Description
Deno是Deno开源的一个简单、现代且安全的 JavaScript 和 TypeScript 运行环境。 Deno 2.5.6之前版本存在命令注入漏洞,该漏洞源于对扩展名执行区分大小写的比较,可能导致绕过路径检查。
CVSS Information
N/A
Vulnerability Type
N/A