Easrng

**Name of the Vulnerable Software and Affected Versions** Deno versions 1.8.0 through 1.40.3 **Description** Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for a specific domain may be sent to a different domain. Anyone who uses DENO AUTH TOKENS and imports potentially untrusted code is affected. **Recommendations** For Deno versions 1.8.0 through 1.40.3, update to version 1.40.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of DENO AUTH TOKENS with potentially untrusted code until a patch is applied. Restrict access to sensitive domains to minimize the risk of exploitation.