PT-2023-24607 · Deno · Eden Runtime+1
Sylc · Published 2023-05-31 · Updated 2023-06-07
CVE-2023-33966
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Deno version 1.34.0
deno runtime version 0.114.0
Description
The issue affects outbound HTTP requests made using the built-in node:http or node:https modules, which are incorrectly not checked against the network permission allow list (--allow-net). Dependencies relying on these built-in modules are also subject to the issue.
Recommendations
For Deno version 1.34.0, update to Deno v1.34.1.
For deno runtime version 0.114.0, update to deno runtime 0.114.1.
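To triage exposure to the issue in the Description, the following added example (not code from this advisory or from the Deno project) checks `deno --version` output against the affected CLI version and lists imports of node:http and node:https in source text, including vendored dependencies. The function names and sample inputs are constructed for illustration, and the deno runtime crate version is not checked.

```javascript
// Added example: exposure triage for CVE-2023-33966. Names and samples are constructed.
const AFFECTED_DENO = new Set(["1.34.0"]); // affected CLI version, from the advisory
const PATTERNS = [
  // import ... from "node:http", export ... from "node:https", import "node:http"
  { kind: "static", re: /\b(?:from|import)\s*(['"])(node:https?)\1/ },
  // import("node:http") and require("node:https")
  { kind: "dynamic", re: /\b(?:import|require)\s*\(\s*(['"`])(node:https?)\1\s*\)/ },
];

// True when a line of `deno --version` output names an affected release.
function isAffectedDeno(versionOutput) {
  const m = /^deno (\d+\.\d+\.\d+)/m.exec(versionOutput);
  return m !== null && AFFECTED_DENO.has(m[1]);
}

// List imports of the two modules in one source text. The closing quote is
// required, so other specifiers such as node:http2 are not reported.
function findNodeHttpImports(source) {
  const hits = [];
  source.split(/\r?\n/).forEach((text, i) => {
    if (text.trimStart().startsWith("//")) return; // skip commented-out lines
    for (const { kind, re } of PATTERNS) {
      const m = re.exec(text);
      if (m) hits.push({ line: i + 1, specifier: m[2], kind });
    }
  });
  return hits;
}

// Combine both checks over a map of path -> source text.
function triage(versionOutput, files) {
  const affected = isAffectedDeno(versionOutput);
  const findings = Object.entries(files).flatMap(([path, src]) =>
    findNodeHttpImports(src).map((hit) => ({ path, ...hit })));
  return { affected, findings, exposed: affected && findings.length > 0 };
}

// Constructed sample input (not taken from a real project).
const SAMPLE_VERSION = "deno 1.34.0 (release, x86_64-unknown-linux-gnu)";
const SAMPLE_FILES = {
  "app/main.ts": 'import { serve } from "./server.ts";\nawait fetch("https://example.com");',
  "vendor/client.js": [
    "import {", "  request,", '} from "node:https";',
    'const http2 = require("node:http2");',
    '// import "node:http";',
    'const h = await import("node:http");',
  ].join("\n"),
};
console.log(JSON.stringify(triage(SAMPLE_VERSION, SAMPLE_FILES), null, 2));
```

A finding means the file can open connections that --allow-net does not constrain on the affected version; on a fixed version the same imports are subject to the allow list again.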
Exploit
Fix
Incorrect Default Permissions
Improper Privilege Management
Related Identifiers
Affected Products
Deno
Eden Runtime