Main Vulnerability Database SB2023032817

SB2023032817 - Remote code execution in Deno

Published: March 28, 2023

Security Bulletin ID SB2023032817

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Neutralization of Escape, Meta, or Control Sequences (CVE-ID: CVE-2023-28446)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper ANSI neutralization. A remote attacker can spoof the interactive permission prompt and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

https://github.com/denoland/deno/blob/7d13d65468c37022f003bb680dfbddd07ea72173/runtime/js/40_process.js#L175
https://github.com/denoland/deno/releases/tag/v1.31.2
https://github.com/denoland/deno/security/advisories/GHSA-vq67-rp93-65qf