CVE-2024-27933

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Mar 21, 2024
CWE ID 863

Summary

CVE-2024-27933 is a vulnerability in Deno, a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, the op_node_ipc_pipe() function uses raw file descriptors, which results in arbitrary file descriptors being closed prematurely. An attacker can use this to bypass permission prompts by reopening the standard input as a different resource. An attacker who controls the code executed within a Deno runtime can exploit the vulnerability to achieve arbitrary code execution on the host machine, regardless of permissions. The base severity of this vulnerability is rated HIGH, with a CVSS score of 8.2. Updating to Deno version 1.39.1 or higher remediates the vulnerability.
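The descriptor-ownership hazard behind this class of bug, as an added illustration that is not Deno's code or its patch: wrapping a bare descriptor number as an owned handle closes it on drop, and the next open reuses the number. It uses two constructed temp files instead of standard input, is Unix-only, and all function and file names are hypothetical.

```rust
use std::fs::{self, File};
use std::io::{self, Read};
use std::os::fd::{AsRawFd, BorrowedFd, FromRawFd, IntoRawFd, RawFd};
use std::os::unix::fs::MetadataExt;

/// Hazard: treats a bare integer as an owned File; the drop closes a
/// descriptor that another part of the process still relies on.
fn adopt_raw(fd: RawFd) -> io::Result<()> {
    drop(unsafe { File::from_raw_fd(fd) });
    Ok(())
}

/// Safer: duplicate first, so only the private copy is closed on drop.
fn adopt_dup(fd: RawFd) -> io::Result<()> {
    let copy = unsafe { BorrowedFd::borrow_raw(fd) }.try_clone_to_owned()?;
    drop(copy);
    Ok(())
}

/// Returns what the original holder reads after `adopt` ran, and whether an
/// inode comparison noticed that its descriptor now names a different file.
fn holder_view(adopt: fn(RawFd) -> io::Result<()>) -> io::Result<(String, bool)> {
    // Constructed sample files; names are hypothetical.
    let base = std::env::temp_dir().join(format!("fd_demo_{}", std::process::id()));
    let (first, second) = (base.with_extension("a"), base.with_extension("b"));
    fs::write(&first, "trusted")?;
    fs::write(&second, "other")?;

    let mut holder = File::open(&first)?;
    let inode_at_open = holder.metadata()?.ino();
    adopt(holder.as_raw_fd())?; // a second component is handed the number
    let later = File::open(&second)?; // POSIX returns the lowest free number

    let swapped = holder.metadata()?.ino() != inode_at_open;
    let mut seen = String::new();
    holder.read_to_string(&mut seen)?;
    if later.as_raw_fd() == holder.as_raw_fd() {
        let _ = later.into_raw_fd(); // shared number: let `holder` close it once
    }
    let _ = (fs::remove_file(&first), fs::remove_file(&second));
    Ok((seen, swapped))
}

fn main() -> io::Result<()> {
    println!("raw: {:?}", holder_view(adopt_raw)?);
    println!("dup: {:?}", holder_view(adopt_dup)?);
    Ok(())
}
```

Recording the device and inode when a descriptor is opened and comparing them before a security-relevant read, as `holder_view` does with the inode, is one way to detect that a descriptor has been swapped underneath its holder.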
