Description
Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 1.18.0 (inclusive) up to 1.20.3 (exclusive)
cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*
EPSS: 0.00363 (Low)
Percentile: 58%
CVSS3: 10 Critical
CVSS2: 7.5 High
Weaknesses
CWE-269
CWE-863
Related vulnerabilities
CVSS3: 10
github
almost 4 years ago
Sandbox bypass leading to arbitrary code execution in Deno