CVE-2021-41641

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-41641

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41641.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-41641

Aliases

GHSA-67hm-27mx-9cg7

Downstream

JLSEC-2026-99

Published

2022-06-12T13:15:07.747Z

Modified

2026-04-10T04:38:41.391877Z

Severity

8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory.

References

Affected packages

Git / github.com/denoland/deno

Affected ranges

Type

GIT

Repo

https://github.com/denoland/deno

Events

Introduced

1567c1013cc8ff12cf039137792da66a1d0015b5

Last affected

f92cc66f0dbf8e9753f2e98d4469190f3b561eb0

Database specific

{
    "versions": [
        {
            "introduced": "1.10.3"
        },
        {
            "last_affected": "1.14.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41641.json"