SB2024050749 - Improper access control in Deno
Published: May 7, 2024 Updated: April 23, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper access control (CVE-ID: CVE-2024-34346)
The vulnerability allows a remote privileged user to escalate privileges.
The vulnerability exists due to improper access control in the Deno sandbox file access restrictions when opening privileged files without an explicit deny flag. A remote privileged user can read from or write to privileged files to escalate privileges.
On Unix and Windows platforms, access to certain privileged paths can grant capabilities beyond the intended read or write permissions, such as environment access or broader system access.
Remediation
Install the update from the vendor's website.