CVE-2021-41641

Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory.
References
Link Resource
https://github.com/denoland/deno/issues/12152 Exploit Issue Tracking Third Party Advisory
https://hackers.report/report/614876917a7b150012836bb8 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*

History

21 Jun 2022, 14:47

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 3.6
v3 : 8.4
CWE CWE-59
References (MISC) https://hackers.report/report/614876917a7b150012836bb8 - (MISC) https://hackers.report/report/614876917a7b150012836bb8 - Exploit, Third Party Advisory
References (MISC) https://github.com/denoland/deno/issues/12152 - (MISC) https://github.com/denoland/deno/issues/12152 - Exploit, Issue Tracking, Third Party Advisory
CPE cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*

12 Jun 2022, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-12 13:15

Updated : 2024-02-04 22:29


NVD link : CVE-2021-41641

Mitre link : CVE-2021-41641

CVE.ORG link : CVE-2021-41641


JSON object : View

Products Affected

deno

  • deno
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')