PT-2022-11451 · Deno · Deno
Masasrono · Published 2022-06-12 · Updated 2022-06-21 · CVE-2021-41641
CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Deno versions 1.14.0 and earlier
Description
The issue concerns the file sandbox in Deno not handling symbolic links correctly. When Deno is run with specific write access, the Deno.symlink method can be exploited to gain access to any directory.
Recommendations
For Deno versions 1.14.0 and earlier, as a temporary workaround, consider disabling the Deno.symlink method until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Deno
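An illustration of the link-following weakness named in the description, as an added example (not Deno's code and not part of the original advisory): a write-permission check that only compares path text, beside one that resolves symbolic links before comparing. It uses Node.js `fs` calls; the function names and the temporary `sandbox/` and `outside/` directories are assumptions constructed for the illustration.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// True when `child` is `parent` itself or lies beneath it (string comparison only).
function isInside(parent, child) {
  const rel = path.relative(parent, child);
  return rel === "" || !(rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel));
}

// Weak check: normalises the path text but never consults the filesystem,
// so a symlink inside the allowed directory passes as an ordinary entry.
function lexicalCheck(allowedDir, target) {
  return isInside(path.resolve(allowedDir), path.resolve(target));
}

// Hardened check: find the deepest existing component (lstat, so a dangling link
// still counts as existing), resolve its symlinks, re-append the uncreated tail.
function resolvedCheck(allowedDir, target) {
  try {
    const root = fs.realpathSync(allowedDir);
    let cur = path.resolve(target);
    const tail = [];
    while (!fs.lstatSync(cur, { throwIfNoEntry: false })) {
      tail.unshift(path.basename(cur));
      cur = path.dirname(cur);
    }
    return isInside(root, path.join(fs.realpathSync(cur), ...tail));
  } catch {
    return false; // dangling link, loop or unreadable component: deny
  }
}

// Constructed scenario: sandbox/ is the only directory granted write access.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "symlink-demo-"));
  const [sandbox, outside] = ["sandbox", "outside"].map((d) => path.join(base, d));
  for (const d of [sandbox, outside]) fs.mkdirSync(d);
  fs.symlinkSync(outside, path.join(sandbox, "link")); // link created inside sandbox
  const viaLink = path.join(sandbox, "link", "new.txt");
  const plain = path.join(sandbox, "notes", "new.txt");
  const verdicts = {
    lexical: [lexicalCheck(sandbox, viaLink), lexicalCheck(sandbox, plain)],
    resolved: [resolvedCheck(sandbox, viaLink), resolvedCheck(sandbox, plain)],
  };
  fs.rmSync(base, { recursive: true, force: true });
  return verdicts;
}
console.log(demo());
```

A resolve-then-compare check can still race with a path that changes between the check and the write, so it narrows the problem rather than replacing a fix in the runtime.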