Deno Fixes Path Traversal Vulnerability in MakeTemp APIs
CVE-2024-27931

6.5MEDIUM

Key Information:

Vendor: Denoland
Status: Deno
Vendor: CVE Published:; 5 March 2024

What is CVE-2024-27931?

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp* APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a Deno.makeTemp* API containing path traversal characters. This is fixed in Deno 1.41.1.

Affected Version(s)

deno < 1.41.1

References

https://github.com/denoland/deno/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2024
Vulnerability Reserved
Feb 28, 2024

JSON

Denoland

What is CVE-2024-27931?

Affected Version(s)

References

CVSS V3.1

Timeline