Path traversal in Deno - CVE-2024-27931

 


Published: March 5, 2024 / Updated: April 23, 2026


Vulnerability identifier: #VU127047
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-27931
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Deno
Software vendor: Deno Land

Description

The vulnerability allows a remote attacker to overwrite important files on the system.

The vulnerability exists due to improper input validation in Deno.makeTemp* APIs when processing user-supplied prefix or suffix parameters. A remote attacker can supply path traversal characters in a prefix or suffix value to overwrite important files on the system.

The permission check applies to the base directory, but the created file may be placed outside that directory.
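
A caller-side guard for the condition described above, as an added example (not code from Deno or from this advisory): it rejects prefix and suffix values containing path separators before they reach a Deno.makeTemp* call, and shows why a check on the base directory alone does not cover the final path. The helper names are hypothetical, and the path handling is lexical and assumes POSIX-style absolute paths.

```javascript
// Added example; helper names are hypothetical, not part of Deno's API.

// Reject any prefix/suffix that could turn a file-name fragment into a path.
function assertSafeAffix(name, value) {
  if (value === undefined) return;
  if (typeof value !== "string") {
    throw new TypeError(`${name} must be a string`);
  }
  if (/[\/\\\0]/.test(value)) {
    throw new RangeError(`${name} must not contain path separators or NUL`);
  }
}

// Validate caller-supplied options before passing them to a Deno.makeTemp* call.
function checkedTempOptions(options = {}) {
  assertSafeAffix("prefix", options.prefix);
  assertSafeAffix("suffix", options.suffix);
  return { ...options };
}

// Lexically resolve "." and ".." in a POSIX-style absolute path (no symlinks).
function normalize(path) {
  const out = [];
  for (const part of path.split("/")) {
    if (part === "" || part === ".") continue;
    if (part === "..") out.pop();
    else out.push(part);
  }
  return "/" + out.join("/");
}

// True when fullPath still names an entry strictly below dir after normalisation.
function isInside(dir, fullPath) {
  const base = normalize(dir);
  const root = base === "/" ? "/" : base + "/";
  const full = normalize(fullPath);
  return full !== base && full.startsWith(root);
}

// Constructed sample: "rand" stands in for the random part of the generated name.
function demo(dir, prefix) {
  return isInside(dir, `${dir}/${prefix}rand`);
}
// demo("/tmp/app", "upload-")     -> true  (stays under the permitted directory)
// demo("/tmp/app", "../../etc/x") -> false (leaves it, though dir passed the check)

// Usage in Deno (untrusted userPrefix is a hypothetical variable):
//   const file = await Deno.makeTempFile(
//     checkedTempOptions({ dir: "/tmp/app", prefix: userPrefix }));
```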


Remediation

Install the security update from the vendor's website.
