CVE-2024-32468

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 25, 2024
CWE ID 79

Summary

CVE-2024-32468 is a newly disclosed vulnerability affecting Deno, a runtime for JavaScript and TypeScript written in Rust. The issue lies in the `deno_doc` crate, which was found to contain multiple cross-site scripting (XSS) vulnerabilities. The first is in the generation of `search_index.js`, the JavaScript file used for searching, where `deno_doc` assigns unsanitized HTML input to `innerHTML`. The second stems from the lack of sanitization of property names, method names, and enum names in the `deno_doc` crate. The first XSS vulnerability is unlikely to have significant impact, because `deno doc --html` is intended to be used locally on one's own packages. Even so, both issues pose a potential security risk and should be addressed promptly by Deno users.
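The class of bug described above, shown as an added example that is not code from `deno_doc` or this advisory: symbol names placed into markup destined for `innerHTML`, next to an escaped version and a check for names containing HTML metacharacters. The function names, the entry shape (`name`, `kind`, `file`) and the sample entries are constructed for illustration.

```javascript
// Constructed search-index entries (assumed shape); the second has markup in its name.
const SAMPLE_INDEX = [
  { name: "readFile", kind: "function", file: "fs.ts" },
  { name: "<img src=x onerror=alert(1)>", kind: "property", file: "evil.ts" },
];

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Escape the five characters that can change HTML structure or break out of
// a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak pattern: untrusted names are concatenated into a string that the page
// later assigns to element.innerHTML, so any markup in a name is parsed as HTML.
function renderResultUnsafe(entry) {
  return `<li><a href="${entry.file}">${entry.name}</a> <span>${entry.kind}</span></li>`;
}

// Hardened pattern: every field is escaped before it reaches markup.
// Escaping does not validate URL schemes; `file` is assumed to be a relative path.
function renderResultSafe(entry) {
  return `<li><a href="${escapeHtml(entry.file)}">${escapeHtml(entry.name)}</a> ` +
    `<span>${escapeHtml(entry.kind)}</span></li>`;
}

// Review helper: list entries whose raw fields contain HTML metacharacters,
// i.e. the ones whose rendering differs between the two functions above.
function findSuspiciousEntries(index) {
  return index.filter((e) =>
    [e.name, e.kind, e.file].some((v) => /[&<>"']/.test(String(v))));
}

// In a browser, building nodes and setting textContent avoids HTML parsing entirely:
//   const a = document.createElement("a"); a.textContent = entry.name;
```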
