SB2024030584 - Improper Resource Shutdown or Release in Deno




Published: March 5, 2024
Updated: April 23, 2026

Security Bulletin ID: SB2024030584
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper Resource Shutdown or Release (CVE-ID: CVE-2024-27933)

The vulnerability allows a local privileged user to execute arbitrary code on the host machine.

The vulnerability exists due to improper resource management in op_node_ipc_pipe() when handling raw file descriptors for Node child_process IPC. A local privileged user can close arbitrary file descriptors and re-open standard input as a different resource to execute arbitrary code on the host machine.

The issue can be exploited to bypass permission prompts silently, and the prompt output can also be suppressed by closing stderr.


Remediation

Install the update from the vendor's website.