Exposure of Resource to Wrong Sphere in Deno - CVE-2024-27935

 


Published: March 5, 2024 / Updated: April 23, 2026


Vulnerability identifier: #VU127051
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-27935
CWE-ID: CWE-668
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Deno
Software vendor: Deno Land

Description

The vulnerability allows a remote attacker to disclose sensitive information and cause data corruption.

The vulnerability exists due to improper isolation of a global buffer in stream_wrap.ts in Deno's Node.js compatibility runtime when performing simultaneous asynchronous reads from Node.js streams sourced from sockets or files. A remote attacker can trigger concurrent stream reads to disclose sensitive information and cause data corruption.

The issue does not affect network streams created with the Deno.listen and Deno.connect APIs.
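
As an added illustration (not code from Deno or from this advisory), the following model shows how one buffer shared by simultaneous asynchronous reads hands one stream's bytes to another stream's consumer, next to the per-read buffer that keeps them apart. The names `makeSource`, `readConcurrently`, `SHARED` and the sample payloads are constructed for the example.

```javascript
// Constructed model of the bug class only; this is not Deno's stream_wrap.ts.
const enc = new TextEncoder();
const dec = new TextDecoder();

// Constructed sample payloads for two unrelated streams (equal length, 16 bytes).
const PAYLOADS = ["session=alice-01", "session=bob-0002"];

// Weak pattern: one module-level buffer that every in-flight read writes into.
const SHARED = new Uint8Array(16);

const tick = () => Promise.resolve(); // yield so other pending reads can run

// Hypothetical socket/file source: the data lands in the caller's buffer on one
// turn, and the completion (byte count) is delivered on a later turn.
function makeSource(text) {
  const bytes = enc.encode(text);
  return {
    async read(buf) {
      await tick();      // I/O in flight
      buf.set(bytes);    // runtime fills the buffer it was handed
      await tick();      // completion not yet observed by the reader
      return bytes.length;
    },
  };
}

// Issue one read per payload at the same time; getBuf picks each read's buffer.
function readConcurrently(getBuf) {
  return Promise.all(PAYLOADS.map(async (text) => {
    const buf = getBuf();
    const n = await makeSource(text).read(buf);
    return dec.decode(buf.slice(0, n)); // what the stream consumer receives
  }));
}

// Shared buffer: the first stream's consumer receives the second stream's bytes.
const sharedDemo = () => readConcurrently(() => SHARED);
// Corrected pattern: a private buffer per read keeps each stream's data separate.
const isolatedDemo = () => readConcurrently(() => new Uint8Array(16));
```

Both `sharedDemo()` and `isolatedDemo()` return a promise for the two strings the consumers receive; with the shared buffer both entries carry the second stream's payload.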


Remediation

Install the security update from the vendor's website.
