Improper access control in Deno - CVE-2024-34346

 


Published: May 7, 2024 / Updated: April 23, 2026


Vulnerability identifier: #VU127053
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-34346
CWE-ID: CWE-284
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Deno Land
Affected software:
Deno

Detailed vulnerability description

The vulnerability allows a remote privileged user to escalate privileges.

The vulnerability exists due to improper access control in the Deno sandbox file access restrictions when opening privileged files without an explicit deny flag. A remote privileged user can read from or write to privileged files to escalate privileges.

On Unix and Windows platforms, access to certain privileged paths can grant capabilities beyond the intended read or write permissions, such as environment access or broader system access.
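One way to audit launch commands for the condition described above (broad read or write grants with no explicit deny flag), as an added example that is not part of the advisory or Deno's own code. The path prefixes, function names and sample command lines are assumptions constructed for illustration, and Windows paths are not covered.

```javascript
// Added example: audit Deno launch arguments for privileged-path exposure.
// ASSUMPTION: illustrative Unix prefixes; the advisory does not enumerate paths.
const PRIVILEGED_PREFIXES = ["/etc", "/dev", "/proc", "/sys"];

// Drop trailing slashes so "/etc/" and "/etc" compare equal.
const norm = (p) => p.replace(/\/+$/, "") || "/";
// True when path p equals dir or lies beneath it.
const within = (p, dir) => dir === "/" || p === dir || p.startsWith(dir + "/");
// Keep only the runtime flags: everything after the script name belongs to the script.
function runtimeFlags(args) {
  const start = args.indexOf("run") + 1;
  const rest = args.slice(start);
  const script = rest.findIndex((a) => !a.startsWith("-"));
  return script === -1 ? rest : rest.slice(0, script);
}
// Parse one permission flag. A bare flag (no "=list") applies to every path.
function parseFlag(flags, name) {
  const grant = { all: false, paths: [] };
  for (const f of flags) {
    if (f === name) grant.all = true;
    else if (f.startsWith(name + "="))
      grant.paths.push(...f.slice(name.length + 1).split(",").filter(Boolean).map(norm));
  }
  return grant;
}

// kind is "read" or "write". Returns the privileged prefixes that an allow flag
// covers or reaches into and that no deny flag covers.
function exposedPrefixes(args, kind) {
  const flags = runtimeFlags(args);
  const allow = parseFlag(flags, `--allow-${kind}`);
  const deny = parseFlag(flags, `--deny-${kind}`);
  if (flags.includes("-A") || flags.includes("--allow-all")) allow.all = true;
  if (deny.all) return [];
  return PRIVILEGED_PREFIXES.filter((prefix) => {
    const reachable = allow.all ||
      allow.paths.some((a) => within(prefix, a) || within(a, prefix));
    return reachable && !deny.paths.some((d) => within(prefix, d));
  });
}

// Constructed sample command lines (app.ts is a placeholder script name).
const SAMPLES = [
  "deno run --allow-read app.ts",
  "deno run --allow-read=/ --deny-read=/etc,/dev,/proc,/sys app.ts",
  "deno run --allow-write=/srv/app/data,/etc/app app.ts",
];
for (const line of SAMPLES)
  console.log(line, "=>", exposedPrefixes(line.split(/\s+/), "read"), exposedPrefixes(line.split(/\s+/), "write"));
```

An empty result for both kinds means the command line grants no path that overlaps the listed prefixes, or every overlap is covered by a deny flag.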


How to mitigate CVE-2024-34346

Install the security update from the vendor's website.
