CVE-2025-21620 – Deno Authorization Header Leakage

1月 7, 2025
12:18 am

CVE ID : CVE-2025-21620

Published : Jan. 6, 2025, 11:15 p.m. | 1 hour, 3 minutes ago

Description : Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno’sfetch() redirect handling creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain. This vulnerability is fixed in 2.1.2.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-21620 – Deno Authorization Header Leakage

Elvescore.io

Recent Posts

CVE-2024-11816 – WordPress WP Extended Remote Code Execution (RCE)

CVE-2024-11916 – “WordPress Toolkit WP Extended Code Injection Vulnerability”

CVE-2024-12112 – WordPress Easy Form Builder Stored Cross-Site Scripting

CVE-2024-12521 – WordPress Slotti Ajanvaraus Stored Cross-Site Scripting Vulnerability

CVE-2024-12713 – WordPress SureForms Information Exposure

CVE-2024-54121 – Oracle Ability Startup Control Denial of Service Vulnerability

CVE-2025-21620 – Deno Authorization Header Leakage

CVE-2025-21620 – Deno Authorization Header Leakage