XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems
CVE-2024-52793

Currently unrated

Key Information:

Vendor

Denoland

Status
Std
Vendor
CVE Published:
22 November 2024

What is CVE-2024-52793?

The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names. Exploitation might also be possible on other systems but less trivial due to e.g. lack of file name support for <> in Windows. Version 1.0.11 fixes the issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

std < 1.0.11

References

https://github.com/denoland/std/security/advisories/GHSA-...
x_refsource_CONFIRM
https://github.com/denoland/std/blob/065296ca5a05a47f9741...
x_refsource_MISC
https://github.com/denoland/std/blob/065296ca5a05a47f9741...
x_refsource_MISC

Timeline

  • Vulnerability published

JSON
.