What is CVE-2024-27933?

CVE-2024-27933 is a high-severity vulnerability in Denoland Deno, classified under Incorrect Authorization. CVSS score: 8.3/10. Published 2024-03-06.

How severe is CVE-2024-27933?

High severity. CVSS v3 base score is 8.3 out of 10.

Is CVE-2024-27933 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Denoland Deno

CVE-2024-27933

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a differen…

Vulnerability class: Broken Access Control

EPSS: 0.000 (5.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Denoland Deno — versions = 1.39.0

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

Public proof-of-concept exploits

leesh3288/leesh3288

References

https://github.com/denoland/deno/security/advisories/GHSA-6q4w-9x56-rmwq (x_refsource_CONFIRM)
https://github.com/denoland/deno/commit/55fac9f5ead6d30996400e8597c969b675c5a22b (x_refsource_MISC)
https://github.com/denoland/deno/commit/5a91a065b882215dde209baf626247e54c21a392 (x_refsource_MISC)
https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L214 (x_refsource_MISC)
https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L220 (x_refsource_MISC)
https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L225 (x_refsource_MISC)
https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L241 (x_refsource_MISC)
https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L256 (x_refsource_MISC)
https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L265 (x_refsource_MISC)
https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L99 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-27933?: CVE-2024-27933 is a high-severity vulnerability in Denoland Deno, classified under Incorrect Authorization. CVSS score: 8.3/10. Published 2024-03-06.
How severe is CVE-2024-27933?: High severity. CVSS v3 base score is 8.3 out of 10.
Is CVE-2024-27933 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.