CVE-2021-32619
Static imports inside dynamically imported modules do not adhere to permission checks
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through `import()` or `new Worker` might have been able to bypass network and file system permission checks when statically importing other modules. The vulnerability has been patched in Deno release 1.10.2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
denoland · deno¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →