CVE-2022-24783

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*

History

30 Jun 2023, 18:50

Type Values Removed Values Added
CWE CWE-269 CWE-863

31 Mar 2022, 15:37

Type Values Removed Values Added
References (CONFIRM) https://github.com/denoland/deno/security/advisories/GHSA-838h-jqp6-cf2f - (CONFIRM) https://github.com/denoland/deno/security/advisories/GHSA-838h-jqp6-cf2f - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 10.0
CPE cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*

25 Mar 2022, 23:37

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-25 22:15

Updated : 2024-02-04 22:29


NVD link : CVE-2022-24783

Mitre link : CVE-2022-24783

CVE.ORG link : CVE-2022-24783


JSON object : View

Products Affected

deno

  • deno
CWE
CWE-863

Incorrect Authorization

CWE-269

Improper Privilege Management