Vulnerabilities > CVE-2022-24783 - Incorrect Authorization vulnerability in Deno

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

deno

CWE-863

critical

NVD

Published: 2022-03-25

Updated: 2023-06-30

Summary

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately.

Vulnerable Configurations

Part	Description	Count
Application	Deno Deno Deno 1.18.0 Deno Deno 1.18.1 Deno Deno 1.18.2 Deno Deno 1.19.0 Deno Deno 1.19.1 Deno Deno 1.19.2 Deno Deno 1.19.3 Deno Deno 1.20.0 Deno Deno 1.20.1 Deno Deno 1.20.2	10

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://github.com/denoland/deno/security/advisories/GHSA-838h-jqp6-cf2f