CNNVD-202601-2696 Information

CNNVD ID

CNNVD-202601-2696

Related CVE

CVE-2026-22864

• CNNVD Published: 2026-01-15

Description (Chinese)

Deno是Deno开源的一个简单、现代且安全的 JavaScript 和 TypeScript 运行环境。 Deno 2.5.6之前版本存在命令注入漏洞，该漏洞源于对扩展名执行区分大小写的比较，可能导致绕过路径检查。

Description (English)

Deno is a simple, modern and safe JavaScript and TypeScript operating environment for Deno. The previous version of Deno 2.5.6 had a command-infusion loophole, which originated from case-by-case comparison of extensions and could lead to bypassing path checks.

Hazard Level

Medium

Vulnerability Type

命令注入

Affected Vendor

Deno

Published

2026-01-15

Last Modified

2026-02-24

References

https://github.com/denoland/deno/releases/tag/v2.5.6 https://github.com/denoland/deno/security/advisories/GHSA-m3c4-prhw-mrx6

Patch

https://deno.com/