CVE-2023-28446 – Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization
https://notcve.org/view.php?id=CVE-2023-28446
Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Program names were rendered in the interactive `run` permission prompt without any ANSI filtering, so a malicious program could embed escape sequences in the name it asks to spawn, clear the first two lines of an `op_spawn_child` or `op_kill` prompt and replace them with any text it wanted. This works with any command on the respective platform, so the program effectively chooses what gets run while the user believes they are approving something else. The problem cannot be exploited on systems that do not attach an interactive prompt (for example headless servers). This issue has been patched in version 1.31.2. • https://github.com/denoland/deno/blob/7d13d65468c37022f003bb680dfbddd07ea72173/runtime/js/40_process.js#L175 https://github.com/denoland/deno/releases/tag/v1.31.2 https://github.com/denoland/deno/security/advisories/GHSA-vq67-rp93-65qf • CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •
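The following is an added example, not code from the Deno project, showing the kind of neutralization step the advisory calls for: a single-pass filter for VT/ANSI control sequences, a variant that keeps the offending bytes visible as `\xNN` so the user can see the name was not plain text, and a constructed program name that, printed raw, would overwrite the prompt lines. The prompt wording, the function names and the spoof string are assumptions for illustration.

```javascript
// Added example, not Deno's own code: neutralize terminal control sequences in an
// untrusted program name before it is echoed in an interactive permission prompt.

// One alternation, applied in a single pass so that removing one match cannot splice
// the surrounding bytes into a new sequence:
//   ESC ] ... BEL|ST                     operating-system command (window title etc.)
//   ESC [ params intermediates final     control sequence (cursor movement, erase, colour)
//   ESC 0x40-0x5F                        remaining two-byte escapes (e.g. ESC M)
//   0x00-0x1F, 0x7F-0x9F                 bare C0/C1 controls, newlines, dangling ESC
const TERMINAL_CONTROL =
  /\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)|\x1b\[[\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e]|\x1b[\x40-\x5f]|[\x00-\x1f\x7f-\x9f]/g;

// Non-global copy so .test() carries no lastIndex state between calls.
function hasTerminalControl(input) {
  return new RegExp(TERMINAL_CONTROL.source).test(input);
}

// Drop the sequences entirely.
function stripTerminalControl(input) {
  return input.replace(TERMINAL_CONTROL, "");
}

// Keep the bytes visible as \xNN so the user can see the name was not plain text.
function escapeTerminalControl(input) {
  return input.replace(TERMINAL_CONTROL, (seq) =>
    Array.from(seq, (ch) => "\\x" + ch.charCodeAt(0).toString(16).padStart(2, "0")).join(""),
  );
}

// Simplified three-line prompt (assumed shape, not Deno's exact wording). Only the
// neutralized name reaches the terminal.
function renderRunPrompt(programName) {
  return [
    `Deno requests run access to "${escapeTerminalControl(programName)}".`,
    "Run again with --allow-run to bypass this prompt.",
    "Allow? [y/n]",
  ];
}

// Constructed attacker-controlled program name. Printed raw, the CSI sequences erase
// the current line, return to column 1 and paint a benign-looking request over the prompt.
const SPOOFED_NAME =
  "ls\x1b[2K\x1b[G" +
  'Deno requests read access to "./README.md".\n' +
  "\x1b[2K\x1b[G" +
  "Run again with --allow-read to bypass this prompt.";

for (const line of renderRunPrompt(SPOOFED_NAME)) console.log(line);
```

Escaping rather than stripping is the better default for a prompt: a stripped name looks ordinary, while an escaped one shows the user exactly why the request deserves suspicion.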
CVE-2023-28445 – Deno improperly handles resizable ArrayBuffer
https://notcve.org/view.php?id=CVE-2023-28445
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions and shrunk while the asynchronous operation is in progress could result in an out-of-bounds read or write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not affected. The problem has been resolved by disabling resizable ArrayBuffers temporarily in Deno 1.32.1. • https://github.com/denoland/deno/pull/18395 https://github.com/denoland/deno/releases/tag/v1.32.1 https://github.com/denoland/deno/security/advisories/GHSA-c25x-cm9x-qqgx • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2023-26103
https://notcve.org/view.php?id=CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in the upgradeWebSocket function, which uses regexes of the form `/\s*,\s*/` to split the Connection/Upgrade header. A specially crafted Connection/Upgrade header can significantly slow down a WebSocket server. • https://github.com/denoland/deno/blob/2b247be517d789a37e532849e2e40b724af0918f/ext/http/01_http.js%23L395-L409 https://github.com/denoland/deno/commit/cf06a7c7e672880e1b38598fe445e2c50b4a9d06 https://github.com/denoland/deno/pull/17722 https://github.com/denoland/deno/releases/tag/v1.31.0 https://security.snyk.io/vuln/SNYK-RUST-DENO-3315970 • CWE-1333: Inefficient Regular Expression Complexity •
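Added example, not Deno's code: why `/\s*,\s*/` is quadratic on a long whitespace run, and a single-scan replacement that yields the same tokens for SP/HTAB whitespace. The hostile header, function names and the timing harness are constructed for illustration.

```javascript
// Added example, not Deno's own code: split a comma-separated header value such as
// "Connection: keep-alive, Upgrade" in linear time instead of with a backtracking regex.

// Pattern of the kind the advisory describes. At every start position inside a long
// whitespace run with no comma, `\s*` is matched greedily and then backed off one
// character at a time, so total work grows quadratically with the run length.
const COMMA_WITH_OWS = /\s*,\s*/;

function splitHeaderWithRegex(value) {
  return value.split(COMMA_WITH_OWS);
}

// RFC 9110 optional whitespace is SP or HTAB only.
function isOws(ch) {
  return ch === " " || ch === "\t";
}

// Single left-to-right scan. Same tokens as the regex split for SP/HTAB whitespace
// (whitespace next to a comma is dropped, whitespace at the ends of the value is kept),
// but every character is visited once.
function splitHeaderLinear(value) {
  const tokens = [];
  let tokenStart = 0;
  let i = 0;
  while (i < value.length) {
    if (value[i] !== ",") {
      i++;
      continue;
    }
    let end = i;
    while (end > tokenStart && isOws(value[end - 1])) end--;
    tokens.push(value.slice(tokenStart, end));
    i++;
    while (i < value.length && isOws(value[i])) i++;
    tokenStart = i;
  }
  tokens.push(value.slice(tokenStart));
  return tokens;
}

// Case-insensitive token membership, e.g. does Connection list "upgrade"?
function headerHasToken(value, token) {
  const wanted = token.toLowerCase();
  return splitHeaderLinear(value).some((t) => t.toLowerCase() === wanted);
}

// Constructed attacker input: one token followed by a long run of spaces and no comma.
function hostileHeader(length) {
  return "keep-alive" + " ".repeat(length);
}

function timeMs(fn, value) {
  const start = process.hrtime.bigint();
  fn(value);
  return Number(process.hrtime.bigint() - start) / 1e6;
}

const hostile = hostileHeader(10000);
console.log(`regex split:  ${timeMs(splitHeaderWithRegex, hostile).toFixed(1)} ms`);
console.log(`linear split: ${timeMs(splitHeaderLinear, hostile).toFixed(1)} ms`);
```

Raise the length passed to `hostileHeader` and the regex timing grows roughly with its square while the linear scan stays flat; a real server would also cap header length before parsing, which bounds the damage even with the original regex.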
CVE-2023-22499 – Interactive permission prompt spoofing in Deno
https://notcve.org/view.php?id=CVE-2023-22499
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof the interactive permission prompt by rewriting it to suggest that the program was waiting on user confirmation for an unrelated action. A malicious program could clear the terminal screen after the permission prompt was shown and write a generic message. This affects users who use the Web Worker API and relied on the interactive permission prompt. The reproduction is very timing sensitive and cannot be reliably reproduced on every try. • https://github.com/denoland/deno/pull/17392 https://github.com/denoland/deno/security/advisories/GHSA-mc52-jpm2-cqh6 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-41641
https://notcve.org/view.php?id=CVE-2021-41641
The Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When Deno is run with write access to a specific directory, the Deno.symlink method can be used to gain access to any directory. • https://github.com/denoland/deno/issues/12152 https://hackers.report/report/614876917a7b150012836bb8 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •