SB2024030581 - Path traversal in Deno
Published: March 5, 2024 Updated: April 23, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Path traversal (CVE-ID: CVE-2024-27931)
The vulnerability allows a remote attacker to overwrite important files on the system.
The vulnerability exists due to improper input validation in Deno.makeTemp* APIs when processing user-supplied prefix or suffix parameters. A remote attacker can supply path traversal characters in a prefix or suffix value to overwrite important files on the system.
The permission check applies to the base directory, but the created file may be placed outside that directory.
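The gap described above can be modelled in a few lines. This is an added example, not code from Deno or from this bulletin: it assumes a simplified POSIX model in which the temporary name is formed as <dir>/<prefix><random><suffix>, and the function names, sample paths and values are hypothetical. It shows how a prefix or suffix containing path separators resolves outside the permitted base directory, and a guard that rejects such values before they reach Deno.makeTemp*.

```javascript
// Simplified model (assumption): temp name = <dir>/<prefix><random><suffix>.
// All paths and values below are constructed samples.

// Collapse "." and ".." segments of an absolute POSIX-style path.
function normalizePosix(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// True when the modelled temp path resolves outside baseDir.
function escapesBaseDir(baseDir, prefix, suffix, random = "a1b2c3") {
  const base = normalizePosix(baseDir);
  const full = normalizePosix(`${base}/${prefix}${random}${suffix}`);
  return !full.startsWith(base === "/" ? "/" : base + "/");
}

// Guard for untrusted prefix/suffix values: an affix must be a plain
// file-name fragment, so any path separator or NUL byte is rejected.
function isSafeAffix(value) {
  return typeof value === "string" && !/[\/\\\0]/.test(value);
}

// Constructed inputs: one benign, two carrying traversal sequences.
const SAMPLES = [
  { prefix: "upload-", suffix: ".txt" },
  { prefix: "x", suffix: "/../../../etc/constructed.conf" },
  { prefix: "../../other/", suffix: "" },
];

// Evaluate each sample against the model and the guard.
function checkSamples(baseDir = "/tmp/app") {
  return SAMPLES.map((s) => ({
    ...s,
    escapes: escapesBaseDir(baseDir, s.prefix, s.suffix),
    accepted: isSafeAffix(s.prefix) && isSafeAffix(s.suffix),
  }));
}
```

Every sample that escapes the base directory in the model is also rejected by the guard, because an affix cannot change directory without a separator.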
Remediation
Install the update from the vendor's website.