CRITICAL🇬🇧 English

CVE-2022-24783

CVSS 10.0v3.1pub. 2022-03-25upd. 2024-11-21

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Deno

    APP
    Deno
    1.18.0 – 1.20.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-22863CRITICAL9.2PL ✓ten sam produkt

Deno node:crypto — brak finalizacji szyfru umożliwia wielokrotne szyfrowanie

CVE-2023-28445CRITICAL9.9ten sam produkt

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers pass...

CVE-2021-32619CRITICAL9.8ten sam produkt

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1...

CVE-2026-44726HIGH7.4ten sam produkt

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tl...

CVE-2026-49401HIGH7.3ten sam produkt

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces ...