CVE-2024-27932

CVSS V2 None CVSS V3 None
Description
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for `example[.]com` may be sent to `notexample[.]com`. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. Version 1.40.0 contains a patch for this issue
Overview
  • CVE ID
  • CVE-2024-27932
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-03-06T20:45:16.373Z
  • Last Modified Date
  • 2024-03-06T20:45:16.373Z
History
Created Old Value New Value Data Type Notes
2024-06-26 01:47:53 Added to TrackCVE