CVE-2024-21486: Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

June 5, 2025

Static imports are exempted from the network permission check. An attacker could exploit this to leak the password file on the network.

References

github.com/advisories/GHSA-jv4x-jv3h-qff5
github.com/denoland/deno
github.com/denoland/deno/security/advisories/GHSA-jv4x-jv3h-qff5
nvd.nist.gov/vuln/detail/CVE-2024-21486

Code Behaviors & Features

Detect and mitigate CVE-2024-21486 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →