1. Home
  2. CVE Database
  3. CVE-2022-24783
CRITICAL · 10.0

CVE-2022-24783

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in...

Vulnerability Description

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
DenoDeno>= 1.18.0, < 1.20.3

Related Weaknesses (CWE)

CWE-269CWE-863

References

FAQ

What is CVE-2022-24783?

CVE-2022-24783 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in...

How severe is CVE-2022-24783?

CVE-2022-24783 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-24783?

Check the references section above for vendor advisories and patch information. Affected products include: Deno Deno.