Improper access control in Deno - CVE-2024-34346

 


Published: May 7, 2024 / Updated: April 23, 2026


Vulnerability identifier: #VU127053
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-34346
CWE-ID: CWE-284
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software: Deno
Software vendor: Deno Land

Description

The vulnerability allows a remote privileged user to escalate privileges.

The vulnerability exists due to improper access control in the Deno sandbox file access restrictions when opening privileged files without an explicit deny flag. A remote privileged user can read from or write to privileged files to escalate privileges.

On Unix and Windows platforms, access to certain privileged paths can grant capabilities beyond the intended read or write permissions, such as environment access or broader system access.


Remediation

Install the security update from the vendor's website.
