Arbitrary Code Execution Affecting deno package, versions >=1.18.0 <1.20.3


0.0
high

Snyk CVSS

    Attack Complexity High
    Privileges Required High
    Scope Changed
    Confidentiality High
    Integrity High
    Availability High
Expand this section
NVD
10 critical

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-RUST-DENO-2434275
  • published 27 Mar 2022
  • disclosed 27 Mar 2022
  • credit DjDeveloper, Aapo Alasuutari, Andreu Botella

How to fix?

Upgrade deno to version 1.20.3 or higher.

Overview

deno is an a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust.

Affected versions of this package are vulnerable to Arbitrary Code Execution. A malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code.