Improper Authorization Affecting deno_node package, versions <0.86.0
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.04% (10th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RUST-DENONODE-6814550
- published 8 May 2024
- disclosed 7 May 2024
- credit Cristian-Alexandru STAICU
Introduced: 7 May 2024
CVE-2024-34346 Open this link in a new tabHow to fix?
Upgrade deno_node
to version 0.86.0 or higher.
Overview
deno_node is a require and other node related functionality for Deno.
Affected versions of this package are vulnerable to Improper Authorization due to improper handling of file-system operations on privileged files. An attacker can escalate permissions and access or modify system-level files by exploiting the lack of explicit deny flags in command-line arguments.
References
CVSS Scores
version 3.1