CVE-2022-24783

EPSS 0.36%
Veröffentlicht 25.03.2022 22:15:08
Zuletzt bearbeitet 21.11.2024 06:51:05
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Deno ≫ Deno Version >= 1.18.0 < 1.20.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.577

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
security-advisories@github.com	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/denoland/deno/security/advisories/GHSA-838h-jqp6-cf2f

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-24783

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-24783

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-24783

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-24783