deno (=1.28.3), deno_runtime (=0.88.0) potentially affected by CVE-2025-21620 via deno_fetch (=0.103.0)
Details
CVSS v3
7.5
NVD published
2025-01-06 23:15:07
EPSS
0.2% probability · 41.3th percentile — 2026-04-05
Affected versions
Not available in our cache.
Summary
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch() redirect handling creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain. This vulnerability is fixed in 2.1.2.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.