Improper privilege management in Deno - CVE-2022-24783


Published: March 25, 2022 / Updated: April 23, 2026


Vulnerability identifier: #VU127025
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-24783
CWE-ID: CWE-269
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Deno
Software vendor: Deno Land

Description

The vulnerability allows a remote user to execute arbitrary shell code.

The vulnerability exists due to improper privilege management in certain FFI operations when executing code in a Deno runtime. A remote user can run malicious code that bypasses permission checks and executes arbitrary shell code.

This vulnerability does not affect Deno Deploy.


Remediation

Install the security update from the vendor's website.

External links