CVSS3: 4.6 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
AI Score: 6.9 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 15.5%)
Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for example.com may be sent to notexample.com.

auth_tokens.rs uses a simple ends_with check, which matches www.deno.land to a deno.land token as intended, but also matches im-in-ur-servers-attacking-ur-deno.land to deno.land tokens.
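The suffix check described above, beside a boundary-aware replacement, as an added example (this is not Deno's auth_tokens.rs; the token entry shape and the function names are assumptions for illustration):

```rust
// Added example, not Deno's own code: contrasts a bare ends_with host check
// with one that only accepts the token host itself or a subdomain of it.

/// The flawed match the advisory describes: a bare suffix test.
/// "im-in-ur-servers-attacking-ur-deno.land" ends with "deno.land", so it matches.
pub fn host_matches_naive(specifier_host: &str, token_host: &str) -> bool {
    specifier_host.ends_with(token_host)
}

/// Hardened match: the specifier host must equal the token host, or end with
/// "." followed by the token host, so the match sits on a DNS label boundary.
pub fn host_matches_strict(specifier_host: &str, token_host: &str) -> bool {
    let s = specifier_host.to_ascii_lowercase();
    let t = token_host.to_ascii_lowercase();
    if t.is_empty() {
        return false; // an empty token host would otherwise match everything
    }
    if s == t {
        return true;
    }
    // Whatever precedes the suffix must end in '.', i.e. be a parent label.
    match s.strip_suffix(&t) {
        Some(prefix) => prefix.ends_with('.'),
        None => false,
    }
}

/// One DENO_AUTH_TOKENS entry of the form `token@host` (assumed shape for
/// this example; the real variable accepts more than this).
pub struct AuthToken {
    pub token: String,
    pub host: String,
}

/// Pick the token to attach to a request for `specifier_host`, strict rule only.
pub fn select_token<'a>(tokens: &'a [AuthToken], specifier_host: &str) -> Option<&'a str> {
    tokens
        .iter()
        .find(|t| host_matches_strict(specifier_host, &t.host))
        .map(|t| t.token.as_str())
}

fn main() {
    // Constructed sample: one token bound to deno.land.
    let tokens = vec![AuthToken { token: "REDACTED".into(), host: "deno.land".into() }];
    for host in ["deno.land", "www.deno.land", "im-in-ur-servers-attacking-ur-deno.land"] {
        let naive = host_matches_naive(host, "deno.land");
        let strict = select_token(&tokens, host).is_some();
        println!("{host}: naive={naive} strict={strict}");
    }
}
```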
For example, [email protected] deno run https://denovulnpoc.example.com and [email protected] deno run https://not-a-left-truncated.domain.
What kind of vulnerability is it? Who is impacted?
Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected.