Upstream information
Description
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a denied IP, bypassing the network restriction entirely. This vulnerability is fixed in 2.8.1.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
SUSE Bugzilla entry: 1268499 [NEW] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Wed Jun 17 00:00:31 2026CVE page last modified: Tue Jun 23 21:29:37 2026