CVE-2021-41641

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-41641

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41641.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-41641

Aliases

GHSA-67hm-27mx-9cg7

Withdrawn

2024-05-15T05:34:01.044867Z

Published

2022-06-12T13:15:07Z

Modified

2023-11-29T09:04:35.120836Z

Severity

8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory.

References

Affected packages

Git / github.com/denoland/deno

Affected ranges

Type: GIT
Repo: https://github.com/denoland/deno
Events: Introduced

1567c1013cc8ff12cf039137792da66a1d0015b5

Last affected

f92cc66f0dbf8e9753f2e98d4469190f3b561eb0

Affected versions

v1.*

v1.10.3

v1.11.0

v1.11.1

v1.11.2

v1.12.0

v1.12.1

v1.12.2

v1.13.0

v1.13.1

v1.13.2

v1.14.0