pkg:crates.io/deno

All known vulnerabilities

• CRITICAL10.0CVE-2022-24783Sandbox bypass leading to arbitrary code execution in Deno
  >= 1.18.0, < 1.20.3
• CRITICAL9.8CVE-2021-32619Deno's static imports inside dynamically imported modules do not adhere to permission checks
  >= 1.5.0, < 1.10.2
• CRITICAL9.1--allow-read / --allow-write permission bypass in `node:sqlite`
  >= 2.2.0, < 2.2.5
• CRITICAL9.1--allow-read / --allow-write permission bypass in `node:sqlite`
  >= 2.2.0, < 2.2.5
• HIGH8.8Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
  >= 1.32.1, < 1.41.0
• HIGH8.8Interactive `run` permission prompt spoofing via improper ANSI neutralization
  >= 1.8.0, < 1.31.2
• HIGH8.8Deno is vulnerable to race condition via interactive permission prompt spoofing
  >= 1.9.0, < 1.29.3
• HIGH8.6Missing "--allow-net" permission check for built-in Node modules
  >= 1.34.0, < 1.34.1
• HIGH8.4Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
  from 0, < 1.43.1
• HIGH8.4*const c_void / ExternalPointer unsoundness leading to use-after-free
  >= 1.36.2, < 1.40.3
• HIGH8.4Link Following in Deno
  from 0, < 1.16.0
• HIGH8.2Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
  >= 1.39.0, < 1.39.1
• HIGH8.1Deno vulnerable to command Injection via incomplete shell metacharacter blocklist in node:child_process
  >= 2.7.0, < 2.7.2
• HIGH8.1Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
  from 0, < 2.6.8
• HIGH8.1Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass
  from 0, < 2.5.6
• HIGH8.1Deno is Vulnerable to Command Injection on Windows During Batch File Execution
  from 0, < 2.5.2
• HIGH7.5fetch: Authorization headers not dropped when redirecting cross-origin
  from 0, <= 1.46.3
• HIGH7.4Deno's TLS retry copies stale upgrade hook, risking plaintext traffic
  >= 2.0.0, < 2.7.8
• HIGH7.2Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
  >= 1.35.1, < 1.36.3
• MEDIUM5.8Insufficient permission checking in `Deno.makeTemp*` APIs
  from 0, < 1.41.1
• MEDIUM5.3Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
  from 0, < 2.0.0
• MEDIUM5.3Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables
  from 0, < 2.1.13
• MEDIUM5.3Deno run with --allow-read and --deny-read flags results in allowed
  >= 1.41.3, < 2.1.13
• MEDIUM5.3Regular Expression Denial of Service in Deno.upgradeWebSocket API
  >= 1.12.0, < 1.31.0
• MEDIUM4.6Deno's improper suffix match testing for DENO_AUTH_TOKENS
  >= 1.8.0, < 1.40.4
• LOW3.3Deno's --deny-read check does not prevent permission bypass
  from 0, < 2.5.3
• LOW3.3Deno's --deny-write check does not prevent permission bypass
  from 0, < 2.5.3
• —Deno node:crypto doesn't finalize cipher
  from 0, < 2.6.0
• —Deno's AES GCM authentication tags are not verified
  >= 1.46.0, < 2.1.7