CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS: 0.002 Low
Percentile: 57.3%
Deno versions 1.18.0 through 1.20.2 (inclusive) are vulnerable to an attack in which a malicious actor who controls the code executed in a Deno runtime can bypass permission checks and execute arbitrary shell code.
There is no evidence that this vulnerability has been exploited in the wild.
This vulnerability does not affect users of Deno Deploy.
The vulnerability has been patched in Deno 1.20.3.
There is no workaround. All users are advised to upgrade to 1.20.3 immediately.
The cause of this error was that certain FFI operations did not correctly check for permissions. The issue was fixed in pull request github.com/denoland/deno/pull/14115.
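A version-range check for the affected releases stated above, as an added example that is not part of the advisory or of the Deno project's code. The function names are hypothetical, and the host names and banner strings are constructed sample input; versions are compared numerically because a string comparison misorders values such as 1.20.10 and 1.9.0.

```typescript
// Added example: classify Deno version banners against the affected range
// given in the advisory (1.18.0 through 1.20.2 inclusive, patched in 1.20.3).
type Verdict = "affected" | "not-affected" | "unknown";

const FIRST_AFFECTED = [1, 18, 0];
const LAST_AFFECTED = [1, 20, 2];

// Pull major.minor.patch out of a banner such as
// "deno 1.20.2 (release, x86_64-unknown-linux-gnu)" or a bare "1.20.2".
// Returns null when the text carries no three-part version.
function parseDenoVersion(banner: string): number[] | null {
  const m = /(?:^|\s)v?(\d+)\.(\d+)\.(\d+)(?=$|[\s+-])/.exec(banner.trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Numeric, component-wise comparison: -1, 0 or 1.
function compareVersions(a: number[], b: number[]): number {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function classify(banner: string): Verdict {
  const v = parseDenoVersion(banner);
  if (v === null) return "unknown"; // treat as needing manual review
  const inRange = compareVersions(v, FIRST_AFFECTED) >= 0 &&
    compareVersions(v, LAST_AFFECTED) <= 0;
  return inRange ? "affected" : "not-affected";
}

// Constructed inventory: host name -> first line of `deno --version` output.
const inventory: Record<string, string> = {
  "build-01": "deno 1.20.2 (release, x86_64-unknown-linux-gnu)",
  "build-02": "deno 1.20.3 (release, x86_64-unknown-linux-gnu)",
  "edge-01": "deno 1.17.3 (release, aarch64-apple-darwin)",
  "edge-02": "sh: deno: command not found",
};

function triage(inv: Record<string, string>): Record<string, Verdict> {
  const out: Record<string, Verdict> = {};
  for (const host of Object.keys(inv)) out[host] = classify(inv[host]);
  return out;
}

console.log(triage(inventory));
```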
github.com/advisories/GHSA-838h-jqp6-cf2f
github.com/denoland/deno/commit/fcfce1bb869fddc629e6d889d6ba1328b80b0dcf
github.com/denoland/deno/compare/v1.20.2...v1.20.3
github.com/denoland/deno/pull/14115
github.com/denoland/deno/releases/tag/v1.20.3
github.com/denoland/deno/security/advisories/GHSA-838h-jqp6-cf2f
nvd.nist.gov/vuln/detail/CVE-2022-24783