Lucene search

GitHub_MCVELIST:CVE-2022-24783

HistoryMar 25, 2022 - 9:15 p.m.

CVE-2022-24783 Sandbox bypass leading to arbitrary code execution in Deno

2022-03-2521:15:12

CWE-269

GitHub_M

www.cve.org

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.3%

JSON

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately.

CNA Affected

[
  {
    "product": "deno",
    "vendor": "denoland",
    "versions": [
      {
        "status": "affected",
        "version": ">= 1.18.0, < 1.20.3"
      }
    ]
  }
]

References

github.com/denoland/deno/security/advisories/GHSA-838h-jqp6-cf2f

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.3%

JSON

Related for CVELIST:CVE-2022-24783