Skip to main content

Deno CVE-2022-24783

CRITICAL
Improper Privilege Management (CWE-269)
2022-03-25 security-advisories@github.com
10.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 25, 2022 - 22:15 nvd
CRITICAL 10.0

DescriptionNVD

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately.

AnalysisAI

Deno is a runtime for JavaScript and TypeScript. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately. Affected products include: Deno.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

More in Deno

View all
CVE-2025-48935 CRITICAL POC
9.1 Jun 04

Deno versions 2.2.0 through 2.2.4 contain an authorization bypass vulnerability in SQLite database handling that allows

CVE-2024-27934 HIGH POC
8.8 Mar 21

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Rated high severity (CVSS 8.8), this vulnerability is low att

CVE-2024-27933 HIGH POC
8.8 Mar 21

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Rated high severity (CVSS 8.8), this vulnerability is low att

CVE-2023-28446 HIGH POC
8.8 Mar 24

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Rated high

CVE-2024-27935 HIGH POC
8.3 Mar 21

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Rated high severity (CVSS 8.3), this vulnerability is remotel

CVE-2026-27190 HIGH POC
8.1 Feb 20

Command injection in Deno versions prior to 2.6.8 allows unauthenticated remote attackers to execute arbitrary commands

CVE-2026-22864 HIGH POC
8.1 Jan 15

Arbitrary code execution in Deno runtime versions before 2.5.6 allows unauthenticated attackers to bypass shell script e

CVE-2026-22863 HIGH POC
7.5 Jan 15

Deno versions up to 2.6.0 contains a vulnerability that allows attackers to have infinite encryptions (CVSS 7.5).

CVE-2023-26103 HIGH POC
7.5 Feb 25

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upg

CVE-2023-22499 HIGH POC
7.5 Jan 17

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Rated high severity (CVSS 7.5), this

CVE-2024-32477 HIGH POC
7.4 Apr 18

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Rated high severity (CVSS 7.4), this vul

CVE-2024-27936 MEDIUM POC
6.5 Mar 21

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Rated medium severity (CVSS 6.5), this v

Share

CVE-2022-24783 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy