RyotaK's Blog 技術的な話とか
タグ Deno を持つ記事:

Arbitrary package tampering in Deno registry + Code Injection in encoding/yaml

(この記事は日本語でも読むことが出来ます。) Disclaimer Deno Land Inc., which develops Deno, isn’t running bug bounty programs, so they don’t explicitly allow vulnerability assessments. This article describes the vulnerabilities that were reported as potential vulnerabilities, using publicly available information. This was done without actually exploiting/demonstrating the vulnerabilities and it’s not intended to encourage you to perform an unauthorized vulnerability assessment. If you find any vulnerabilities in Deno-related services/products, please report them to [email protected] Also, the information contained in this article may be inaccurate

Denoのレジストリにおける任意パッケージの改竄 + encoding/yamlのCode Injection

(You can read this article in English too.) 免責事項 Denoを開発しているDeno Land Inc.は、脆弱性報奨金制度等を実施しておらず、脆弱性の診断行為に関する明示的な許可を出していません。 本記事は、公開されている情報を元に脆弱性の