CVE-2025-21620
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch() redirect handling creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain. This vulnerability is fixed in 2.1.2.
Vendor
-
Product
-
CWE
Yayın Tarihi
2025-01-06 23:15:07
Güncelleme
2025-01-06 23:15:07
Source Identifier
security-advisories@github.com
KEV Date Added
-