Upstream information

CVE-2024-27932 at MITRE


Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for `example[.]com` may be sent to `notexample[.]com`. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. Version 1.40.0 contains a patch for this issue

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

SUSE Bugzilla entry: 1221807 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

SUSE Timeline for this CVE

CVE page created: Thu Mar 21 07:24:14 2024
CVE page last modified: Thu Apr 4 11:40:57 2024