Moderate severity · NVD Advisory · Published Mar 5, 2024 · Updated Aug 2, 2024
Insufficient permission checking in `Deno.makeTemp*` APIs
CVE-2024-27931
Description
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in the `Deno.makeTemp*` APIs would allow for creation of files outside of the allowed directories. A user may provide a prefix or suffix containing path traversal characters to a `Deno.makeTemp*` API. This may allow the user to overwrite important files on the system that may affect other systems. This is fixed in Deno 1.41.1.
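The failure mode described above, as an added example that is not Deno's code or its fix: a string-only model of composing a temp-file path from a caller-supplied prefix and suffix, first unchecked and then validated. The function names, the `/sandbox/tmp` directory and the sample values are constructed for illustration.

```javascript
// Added illustration: hypothetical helpers, not Deno internals. No file I/O.
const SEPARATORS = /[\/\\]/;

// Collapse "." and ".." segments of an absolute POSIX-style path.
function normalize(p) {
  const out = [];
  for (const seg of p.split(SEPARATORS)) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Unchecked composition: prefix and suffix are concatenated as given,
// so a separator inside either one changes the directory of the result.
function naiveTempPath(dir, { prefix = "", suffix = "" }, rand) {
  return normalize(`${dir}/${prefix}${rand}${suffix}`);
}

// Validated composition: prefix and suffix must be plain file-name
// fragments, and the result must be a direct child of dir.
function safeTempPath(dir, { prefix = "", suffix = "" }, rand) {
  for (const [name, value] of [["prefix", prefix], ["suffix", suffix]]) {
    if (SEPARATORS.test(value) || value.includes("\0")) {
      throw new TypeError(`${name} must not contain path separators or NUL`);
    }
  }
  const base = normalize(dir);
  const full = normalize(`${base}/${prefix}${rand}${suffix}`);
  // Defense in depth: re-check containment on the final path.
  const parent = full.slice(0, full.lastIndexOf("/")) || "/";
  if (parent !== base) throw new TypeError("temp path escapes target directory");
  return full;
}

// Constructed sample input: the allowed directory is /sandbox/tmp.
const allowed = "/sandbox/tmp";
console.log(naiveTempPath(allowed, { prefix: "../outside/" }, "a1b2"));
console.log(safeTempPath(allowed, { prefix: "log-", suffix: ".txt" }, "a1b2"));
```

Permission checks should be applied to the final composed path, not only to the directory argument, which is why the validated version re-checks containment after normalization.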
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| deno (crates.io) | < 1.41.1 | 1.41.1 |
References
- github.com/advisories/GHSA-hrqr-jv8w-v9jh (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-27931 (ghsa, ADVISORY)
- github.com/denoland/deno/security/advisories/GHSA-hrqr-jv8w-v9jh (ghsa, x_refsource_CONFIRM, WEB)