← Back to CVEs
CVE-2022-24783
CRITICAL10.0
Description
Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately.
CVE Details
CVSS v3.1 Score10.0
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published3/25/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
deno:deno
Weaknesses (CWE)
CWE-269CWE-863
References
https://github.com/denoland/deno/security/advisories/GHSA-838h-jqp6-cf2f(security-advisories@github.com)
https://github.com/denoland/deno/security/advisories/GHSA-838h-jqp6-cf2f(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.