CVE-2022-24783

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-24783

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24783.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24783

Aliases

GHSA-838h-jqp6-cf2f

Published

2022-03-25T21:15:12Z

Modified

2026-03-14T11:37:57.759459Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

Sandbox bypass leading to arbitrary code execution in Deno

Details

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately.

Database specific

{
    "cwe_ids": [
        "CWE-269"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24783.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/denoland/deno

Affected ranges

Type: GIT
Repo: https://github.com/denoland/deno
Events: Introduced

2ea535c8c1817a20a3915e350242423ee71cfa73

Fixed

347da0d1174a685ad1a9445cc8c681677115731f

Affected versions

v1.*

v1.18.0

v1.19.0

v1.20.0

v1.20.1

v1.20.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24783.json"