Deno: `fetch()` API sandbox bypass via missing DNS resolution check
Description
Deno's fetch() API bypasses --deny-net rules by not re-checking resolved IP addresses, allowing untrusted scripts to reach blocked hosts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The fetch() API in Deno validates destination hostnames against --deny-net rules before DNS resolution, but fails to re-check the resolved IP addresses against those same rules. An attacker-controlled script can supply a domain name that passes the hostname-based check yet resolves to a denied IP, silently circumventing network restrictions. This affects Deno versions prior to the fix, specifically when --deny-net is used with untrusted code [1][2].
Exploitation
An attacker must execute arbitrary JavaScript in a Deno context where --deny-net is active (e.g., via deno run with untrusted third-party code). The attacker registers or controls a domain that resolves to a blocked IP (such as 127.0.0.1 or an internal service) while the hostname itself is not in the deny list. Calling fetch() with that domain triggers DNS lookup, and because the post-resolution check is missing, the connection proceeds to the forbidden IP [1][2].
Impact
Successful exploitation allows the attacker to bypass network isolation rules enforced by --deny-net. This can lead to unauthorized access to localhost services, internal network endpoints, or any host the user intended to block. The confidentiality, integrity, and availability of those internal services may be compromised, depending on the attacker's subsequent actions [1][2].
Mitigation
The fix is implemented in Deno's fetch() DNS resolver, which now performs a post-resolution check on every resolved IP address before passing it to the HTTP connector, consistent with how Deno.connect already behaved. Users should upgrade to the patched version as soon as it is released. No workaround is available short of upgrading; if an immediate upgrade is not possible, do not rely on --deny-net restrictions layered on top of --allow-net as a security boundary for untrusted code [1][2].
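The check described in the Vulnerability and Mitigation sections, as an added example that is not Deno's own code: a hostname-only policy beside one that re-checks every resolved address against the same --deny-net rules. A constructed lookup table stands in for real DNS so it runs offline; all hostnames and addresses are invented.

```javascript
// Added example, not Deno's own code: a model of the --deny-net check on fetch()
// before and after the fix. A constructed lookup table stands in for real DNS so
// the example runs offline; hostnames and addresses here are invented.
const FAKE_DNS = {
  "public.example.test": ["203.0.113.7"],
  "looks-harmless.example.test": ["127.0.0.1"],       // resolves to a denied IP
  "multi.example.test": ["203.0.113.8", "10.0.0.5"],  // only one record is denied
};

// Resolve a hostname to its A records (IPv4 only in this model); literals resolve to themselves.
function resolveHost(host) {
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return [host];
  const addrs = FAKE_DNS[host];
  if (!addrs) throw new Error(`ENOTFOUND ${host}`);
  return addrs;
}

// Parse deny rules in the "host" or "host:port" shape --deny-net accepts.
function parseDenyRules(rules) {
  return rules.map((r) => {
    const i = r.lastIndexOf(":"); // hostnames/IPv4 only; IPv6 literals would need bracket handling
    return { host: r.slice(0, i === -1 ? r.length : i).toLowerCase(), port: i === -1 ? null : Number(r.slice(i + 1)) };
  });
}

function isDenied(deny, host, port) {
  return deny.some((d) => d.host === host.toLowerCase() && (d.port === null || d.port === port));
}

function targetOf(url) {
  const u = new URL(url);
  return { host: u.hostname, port: u.port ? Number(u.port) : (u.protocol === "https:" ? 443 : 80) };
}

// Vulnerable: only the hostname in the URL is compared against the deny list.
function vulnerableFetchPolicy(rules, url) {
  const deny = parseDenyRules(rules);
  const { host, port } = targetOf(url);
  if (isDenied(deny, host, port)) return { allowed: false, reason: `host ${host} denied` };
  return { allowed: true, connectTo: resolveHost(host)[0] };
}

// Fixed: every resolved address is re-checked before any connector sees it,
// matching the post-resolution check Deno.connect already performed.
function fixedFetchPolicy(rules, url) {
  const deny = parseDenyRules(rules);
  const { host, port } = targetOf(url);
  if (isDenied(deny, host, port)) return { allowed: false, reason: `host ${host} denied` };
  for (const ip of resolveHost(host)) {
    if (isDenied(deny, ip, port)) return { allowed: false, reason: `resolved address ${ip} denied` };
  }
  return { allowed: true, connectTo: resolveHost(host)[0] };
}
```

With rules `["127.0.0.1", "10.0.0.5", "localhost"]`, the vulnerable policy admits `http://looks-harmless.example.test/` and hands 127.0.0.1 to the connector, while the fixed policy rejects it and also rejects `multi.example.test` because one of its records is denied.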
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.