CVE-2022-24783 - Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.2

CVE-2022-24783

Summary

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately.

References

https://github.com/denoland/deno/security/advisories/GHSA-838h-jqp6-cf2f

Vulnerable Configurations

cpe:2.3:a:deno:deno:1.18.0:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.18.0:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.18.1:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.18.1:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.18.2:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.18.2:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.19.0:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.19.0:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.19.1:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.19.1:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.19.2:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.19.2:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.19.3:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.19.3:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.20.0:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.20.0:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.20.1:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.20.1:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.20.2:*:*:*:*:*:*:*
cpe:2.3:a:deno:deno:1.20.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 30-06-2023 - 18:50)
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

Last major update

30-06-2023 - 18:50

Published

25-03-2022 - 22:15

Last modified

30-06-2023 - 18:50