CVE-2024-27931

Опубликовано: 05 мар. 2024

Источник: nvd

CVSS3: 5.8

CVSS3: 6.5

EPSS Низкий

Описание

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp* APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a Deno.makeTemp* API containing path traversal characters. This is fixed in Deno 1.41.1.

Ссылки

https://github.com/denoland/deno/security/advisories/GHSA-hrqr-jv8w-v9jh
Exploit
Third Party Advisory
https://github.com/denoland/deno/security/advisories/GHSA-hrqr-jv8w-v9jh
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*

Версия до 1.41.1 (исключая)

EPSS

Процентиль: 45%

0.00226

Низкий

5.8 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

GHSA-hrqr-jv8w-v9jh

CVSS3: 5.8

github

почти 2 года назад

Insufficient permission checking in `Deno.makeTemp*` APIs

EPSS

Процентиль: 45%

0.00226

Низкий

5.8 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo