Advisory #58
TitleDeno Standard Modules code injection in encoding/yaml
CVE IDCVE-2021-42139
VendorDeno Land Inc.
Affected productDeno Standard Modules
Affected versions<= 0.106.0
Vulnerability typeCWE-94 (Code Injection)
Descriptionencoding/yaml of Deno Standard Modules has a code injection vulnerability, which allows a malicious YAML to execute arbitrary JavaScripts via functions if EXTENDED_SCHEMA is used.
StatusFixed in 0.107.0.
RecommendationUpdate to 0.107.0 or above.