CVE-2021-41641

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-41641

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41641.json

Aliases

GHSA-67hm-27mx-9cg7

Published

2022-06-12T13:15:07Z

Modified

2023-11-29T09:04:35.120836Z

Details

Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory.

References

https://github.com/denoland/deno/issues/12152
https://hackers.report/report/614876917a7b150012836bb8

Affected packages

Git / github.com/denoland/deno

Affected ranges

Type: GIT
Repo: https://github.com/denoland/deno
Events: Introduced

1567c1013cc8ff12cf039137792da66a1d0015b5

Last affected

f92cc66f0dbf8e9753f2e98d4469190f3b561eb0

Affected versions

v1.*

v1.10.3

v1.11.0

v1.11.1

v1.11.2

v1.12.0

v1.12.1

v1.12.2

v1.13.0

v1.13.1

v1.13.2

v1.14.0