Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8.
Affected products
- ==< 2.6.8
Matching in nixpkgs
pkgs.deno
Secure runtime for JavaScript and TypeScript
pkgs.speech-denoiser
Speech denoise lv2 plugin based on RNNoise library
-
nixos-unstable 0-unstable-2018-10-08
- nixpkgs-unstable 0-unstable-2018-10-08
- nixos-unstable-small 0-unstable-2018-10-08
-
nixos-25.11 0-unstable-2018-10-08
- nixos-25.11-small 0-unstable-2018-10-08
- nixpkgs-25.11-darwin 0-unstable-2018-10-08
pkgs.openimagedenoise
High-Performance Denoising Library for Ray Tracing
pkgs.terraform-providers.deno
None
pkgs.python312Packages.denonavr
Automation Library for Denon AVR receivers
pkgs.python313Packages.denonavr
Automation Library for Denon AVR receivers
pkgs.haskellPackages.pandoc-sidenote
Convert Pandoc Markdown-style footnotes into sidenotes
pkgs.terraform-providers.denoland_deno
None
pkgs.gnomeExtensions.denon-avr-controler
Denon AVR controler
pkgs.python312Packages.bnunicodenormalizer
Bangla Unicode Normalization Toolkit
pkgs.python313Packages.bnunicodenormalizer
Bangla Unicode Normalization Toolkit
pkgs.python314Packages.bnunicodenormalizer
Bangla Unicode Normalization Toolkit
pkgs.vscode-extensions.denoland.vscode-deno
Language server client for Deno
pkgs.home-assistant-component-tests.denonavr
Open source home automation that puts local control and privacy first
pkgs.tests.home-assistant-component-tests.denonavr
Open source home automation that puts local control and privacy first
Package maintainers
-
@ofalvai Olivér Falvai <ofalvai@gmail.com>
-
@06kellyjac Jack <hello+nixpkgs@j-k.io>
-
@honnip Jung seungwoo <me@honnip.page>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
-
@LeshaInc Alexey Nikashkin <leshainc@fomalhaut.me>
-
@Mic92 Jörg Thalheim <joerg@thalheim.io>
-
@magnetophon Bart Brouns <bart@magnetophon.nl>
-
@ratsclub Victor Freire <victor@freire.dev.br>