Advisory #58 - RyotaK's Vuln DB

Advisory #58

Title	Deno Standard Modules code injection in encoding/yaml
CVE ID	CVE-2021-42139
Vendor	Deno Land Inc.
Affected product	Deno Standard Modules
Affected versions	<= 0.106.0
Vulnerability type	CWE-94 (Code Injection)
Description	encoding/yaml of Deno Standard Modules has a code injection vulnerability, which allows a malicious YAML to execute arbitrary JavaScripts via functions if EXTENDED_SCHEMA is used.
Status	Fixed in 0.107.0.
Recommendation	Update to 0.107.0 or above.