Improper Resource Shutdown or Release in Deno - CVE-2024-27933

 


Published: March 5, 2024 / Updated: April 23, 2026


Vulnerability identifier: #VU127049
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-27933
CWE-ID: CWE-404
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Deno
Software vendor: Deno Land

Description

The vulnerability allows a local privileged user to execute arbitrary code on the host machine.

The vulnerability exists due to improper resource management in op_node_ipc_pipe() when handling raw file descriptors for Node child_process IPC. A local privileged user can close arbitrary file descriptors and re-open standard input as a different resource to execute arbitrary code on the host machine.

The issue can be exploited to bypass permission prompts silently, and the prompt output can also be suppressed by closing stderr.
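
The following is an added example, not Deno's code and not the vendor's patch. It shows one general way a runtime can treat a descriptor number supplied by untrusted code before wrapping it as an IPC channel: refuse the standard streams and anything that is not a socket, and own only a private duplicate, so that closing the wrapper never closes the caller's number. The names ipc_fd_check and ipc_fd_adopt, and the assumption that the channel is a stream socket, are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical check (not Deno's API): may descriptor number `fd`, supplied by
 * untrusted code, be used as an IPC channel? Returns 0, or -1 with errno set. */
int ipc_fd_check(int fd)
{
    struct stat st;
    int type = 0;
    socklen_t len = sizeof type;
    if (fd <= STDERR_FILENO) {          /* never hand out stdin/stdout/stderr */
        errno = EPERM;
        return -1;
    }
    if (fstat(fd, &st) != 0)            /* EBADF: the number is not open */
        return -1;
    if (!S_ISSOCK(st.st_mode)) {        /* files, pipes and ttys are not channels */
        errno = ENOTSOCK;
        return -1;
    }
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) != 0)
        return -1;
    if (type != SOCK_STREAM) {          /* assumption: channel is a stream socket */
        errno = EPROTOTYPE;
        return -1;
    }
    return 0;
}

/* Returns a private close-on-exec duplicate (>= 3) that the wrapper owns.
 * Closing it later cannot close the caller's number or free it for reuse. */
int ipc_fd_adopt(int fd)
{
    if (ipc_fd_check(fd) != 0)
        return -1;
    return fcntl(fd, F_DUPFD_CLOEXEC, STDERR_FILENO + 1);
}

int main(void)
{
    int sv[2];                          /* constructed sample channel */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 1;
    /* exit status 0 when stdin is refused and the socket is adopted */
    return !(ipc_fd_adopt(STDIN_FILENO) == -1 && ipc_fd_adopt(sv[0]) >= 3);
}
```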


Remediation

Install the security update from the vendor's website.

External links