CVE-2022-24783

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-24783

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24783.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24783

Aliases

GHSA-838h-jqp6-cf2f

Withdrawn

2024-05-15T05:32:03.287924Z

Published

2022-03-25T22:15:08Z

Modified

2023-11-29T09:29:23.560693Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately.

References

https://github.com/denoland/deno/security/advisories/GHSA-838h-jqp6-cf2f

Affected packages

Git / github.com/denoland/deno

Affected ranges

Type: GIT
Repo: https://github.com/denoland/deno
Events: Introduced

2ea535c8c1817a20a3915e350242423ee71cfa73

Fixed

347da0d1174a685ad1a9445cc8c681677115731f

Affected versions

v1.*

v1.18.0

v1.19.0

v1.20.0

v1.20.1

v1.20.2