SB2024030585 - Exposure of Resource to Wrong Sphere in Deno




Published: March 5, 2024
Updated: April 23, 2026

Security Bulletin ID: SB2024030585
CSH Severity: Medium
Patch available: Yes
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Medium: 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2024-27935)

The vulnerability allows a remote attacker to disclose sensitive information and cause data corruption.

The vulnerability exists due to improper isolation of a global buffer in stream_wrap.ts in Deno's Node.js compatibility runtime when performing simultaneous asynchronous reads from Node.js streams sourced from sockets or files. A remote attacker can trigger concurrent stream reads to disclose sensitive information and cause data corruption.

The issue does not affect network streams created with the Deno.listen and Deno.connect APIs.
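
The bug class described above, as an added illustration: a simplified model of a buffer shared by in-flight reads, shown beside the isolated form. It is not code from Deno or from stream_wrap.ts; the function names, the 16-byte buffer size and the sample payloads are constructed, and the interleaving of two reads is made explicit so the result is deterministic.

```javascript
// Simplified model only: one module-level scratch buffer reused by every
// in-flight read. All names and sizes here are hypothetical.
const SHARED = new Uint8Array(16);

// Constructed stand-in for a socket or file with bytes waiting to be read.
function makeSource(text) {
  return { data: new TextEncoder().encode(text) };
}

// Shared-buffer pattern: the read fills the global buffer when it starts, and
// the consumer is handed a view of that same buffer when the read completes.
function startReadShared(source) {
  SHARED.set(source.data);
  const n = source.data.length;
  return () => SHARED.subarray(0, n); // completion step, runs later
}

// Isolated pattern: every read owns its buffer, so a later read cannot
// overwrite bytes that an earlier consumer has not yet received.
function startReadIsolated(source) {
  const buf = new Uint8Array(16);
  buf.set(source.data);
  const n = source.data.length;
  return () => buf.subarray(0, n);
}

// Two reads on different streams overlap: both start before either completes.
function interleave(startRead) {
  const completeA = startRead(makeSource("session=alice")); // constructed payload
  const completeB = startRead(makeSource("session=bob"));   // constructed payload
  const dec = new TextDecoder();
  return [dec.decode(completeA()), dec.decode(completeB())];
}

// Consumer A receives B's bytes mixed with the tail of its own data.
console.log("shared:  ", interleave(startReadShared));
// Each consumer receives exactly what its own stream produced.
console.log("isolated:", interleave(startReadIsolated));
```

With the shared buffer, the first consumer receives the second stream's data (the disclosure) followed by leftover bytes of its own (the corruption); per-read buffers remove both effects.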


Remediation

Install the update from the vendor's website.