PT-2025-23840 · Deno · Deno
Nayeemrmn · Published 2025-06-04 · Updated 2026-04-14 · CVE-2025-48888
CVSS v4.0: 6.9 Medium
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Deno versions 1.41.3 through 2.1.12
Deno versions 1.41.3 through 2.2.12
Deno versions 1.41.3 through 2.3.1
Description
The issue affects Deno, a JavaScript, TypeScript, and WebAssembly runtime, where the --deny-* flag is not prioritized over the --allow-* flag. As a result, access is allowed even though 'deny' should be stronger. The issue only affects a specific combination of flags and is not expected to have a significant impact on users.
Recommendations
For Deno versions 1.41.3 through 2.1.12, upgrade to version 2.1.13 to receive a patch.
For Deno versions 1.41.3 through 2.2.12, upgrade to version 2.2.13 to receive a patch.
For Deno versions 1.41.3 through 2.3.1, upgrade to version 2.3.2 to receive a patch.
Exploit
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Deno