Lucacasonato

**Name of the Vulnerable Software and Affected Versions** Deno version 1.32.0 **Description** The issue is related to resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation, which could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild. Deno Deploy users are not affected. **Recommendations** For Deno version 1.32.0, upgrade to Deno 1.32.1 to resolve the issue. As a temporary workaround for Deno version 1.32.0, run with `--v8-flags=--no-harmony-rab-gsab` to disable resizable ArrayBuffers.

**Name of the Vulnerable Software and Affected Versions** Deno versions 1.5.0 through 1.10.1 **Description** The issue concerns modules dynamically imported through `import()` or `new Worker` that might bypass network and file system permission checks when statically importing other modules. An attacker in control of a module in a program's module graph could initiate GET requests to arbitrary URLs and possibly read the contents of these resources, or check for existence of arbitrary paths on the file system and possibly read the contents of these files. This vulnerability was not present in releases prior to 1.5.0 and was not abused in the wild, as indicated by the lack of reports and the default behavior of Deno printing a "Download" message when remote imports are downloaded. **Recommendations** For Deno versions 1.5.0 through 1.10.1, upgrade to Deno release 1.10.2 by running the `deno upgrade` command to patch the vulnerability. At the moment, there is no workaround for this issue other than upgrading to the patched version.