CVE-2022-24783: Sandbox bypass leading to arbitrary code execution in Deno
The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass permission checks and execute arbitrary shell code.
There is no evidence that this vulnerability has been exploited in the wild.
This vulnerability does not affect users of Deno Deploy.
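A practical mitigation check, added here as an example and not part of the advisory or of the Deno project's code: parse the output of `deno --version` and report whether the installed build falls inside the affected range 1.18.0 to 1.20.2 (inclusive), with 1.20.3 as the fixed release. The range and fix version come from the advisory above; the assumed output format of `deno --version` (a first line of the form `deno X.Y.Z (...)`, with canary builds appending `+<commit>`) is an assumption about the CLI, and the embedded sample output is constructed so the script runs without a Deno binary present.

```python
"""Check whether an installed Deno build is in the CVE-2022-24783 affected range.

Added example, not from the advisory or the Deno project. The affected range
(1.18.0 - 1.20.2 inclusive) and the fix release (1.20.3) come from the advisory;
the `deno --version` output format is an assumption about the CLI.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

AFFECTED_MIN: Version = (1, 18, 0)   # first vulnerable release (advisory)
AFFECTED_MAX: Version = (1, 20, 2)   # last vulnerable release (advisory)
FIXED: Version = (1, 20, 3)          # release carrying the fix (advisory)

# Constructed sample of `deno --version` output, used when no binary is on PATH.
SAMPLE_OUTPUT = (
    "deno 1.20.1 (release, x86_64-unknown-linux-gnu)\n"
    "v8 10.0.139.6\n"
    "typescript 4.6.2\n"
)

# Assumed format: the first line starts with 'deno X.Y.Z'. Canary builds append
# '+<commit>' after the patch number; the pattern stops before that suffix.
_VERSION_RE = re.compile(r"^deno (\d+)\.(\d+)\.(\d+)", re.MULTILINE)


def parse_deno_version(output: str) -> Version:
    """Return (major, minor, patch) parsed from `deno --version` output."""
    match = _VERSION_RE.search(output)
    if not match:
        raise ValueError("could not find a 'deno X.Y.Z' line in the output")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """True when the version lies inside the inclusive vulnerable range.

    Tuple comparison gives correct semver ordering for numeric triples,
    so 1.17.9 < 1.18.0 and 1.20.2 < 1.20.3 compare as expected.
    """
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def assess(output: str) -> str:
    """Map `deno --version` output to a one-word verdict for scripting."""
    return "affected" if is_affected(parse_deno_version(output)) else "not-affected"


def installed_deno_version_output() -> Optional[str]:
    """Run `deno --version` if a deno binary is on PATH; None otherwise."""
    if shutil.which("deno") is None:
        return None
    result = subprocess.run(
        ["deno", "--version"], capture_output=True, text=True, check=False
    )
    return result.stdout if result.returncode == 0 else None


if __name__ == "__main__":
    output = installed_deno_version_output() or SAMPLE_OUTPUT
    version = parse_deno_version(output)
    verdict = assess(output)
    print(f"deno {'.'.join(map(str, version))}: {verdict}")
    if verdict == "affected":
        print(f"upgrade to {'.'.join(map(str, FIXED))} or later")
```

Run it on a host with Deno installed and it reads the real binary; without one it falls back to the constructed sample, which is inside the range and so reports `affected`. In a fleet inventory the same `assess` function can be applied to version strings collected centrally.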
References
- github.com/advisories/GHSA-838h-jqp6-cf2f
- github.com/denoland/deno
- github.com/denoland/deno/commit/fcfce1bb869fddc629e6d889d6ba1328b80b0dcf
- github.com/denoland/deno/compare/v1.20.2...v1.20.3
- github.com/denoland/deno/pull/14115
- github.com/denoland/deno/releases/tag/v1.20.3
- github.com/denoland/deno/security/advisories/GHSA-838h-jqp6-cf2f
- nvd.nist.gov/vuln/detail/CVE-2022-24783