Описание
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in op_node_ipc_pipe() leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node child_process IPC relies on the JS side to pass the raw IPC file descriptor to op_node_ipc_pipe(), which returns a IpcJsonStreamResource ID associated with the file descriptor. On closing the resource, the raw file descriptor is closed together.
Use of raw file descriptors in op_node_ipc_pipe() leads to premature close of arbitrary file descriptors. This allow standard input (fd 0) to be closed and re-opened for a different resource, which allows a silent permission prompt bypass. This is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions.
This bug is known to be exploitable. There
Ссылки
- Product
- Product
- Product
- Product
- Product
- Product
- Product
- Patch
- Product
- ExploitVendor Advisory
- Product
- Product
- Product
- Product
- Product
- Product
- Product
- Patch
- Product
- ExploitVendor Advisory
Уязвимые конфигурации
EPSS
8.2 High
CVSS3
8.8 High
CVSS3
Дефекты
Связанные уязвимости
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
EPSS
8.2 High
CVSS3
8.8 High
CVSS3