Deno
CVE-2021-32619
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import() or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. The vulnerability has been patched in Deno release 1.10.2.
AnalysisAI
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-285. Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import() or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. The vulnerability has been patched in Deno release 1.10.2. Affected products include: Deno.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Deno versions 2.2.0 through 2.2.4 contain an authorization bypass vulnerability in SQLite database handling that allows
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Rated high severity (CVSS 8.8), this vulnerability is low att
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Rated high severity (CVSS 8.8), this vulnerability is low att
Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Rated high
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Rated high severity (CVSS 8.3), this vulnerability is remotel
Command injection in Deno versions prior to 2.6.8 allows unauthenticated remote attackers to execute arbitrary commands
Arbitrary code execution in Deno runtime versions before 2.5.6 allows unauthenticated attackers to bypass shell script e
Deno versions up to 2.6.0 contains a vulnerability that allows attackers to have infinite encryptions (CVSS 7.5).
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upg
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Rated high severity (CVSS 7.5), this
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Rated high severity (CVSS 7.4), this vul
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Rated medium severity (CVSS 6.5), this v
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today