Lucene search

GitHub_MCVELIST:CVE-2021-32619

HistoryMay 28, 2021 - 9:00 p.m.

CVE-2021-32619 Static imports inside dynamically imported modules do not adhere to permission checks

2021-05-2821:00:12

CWE-285

GitHub_M

www.cve.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

JSON

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import() or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. The vulnerability has been patched in Deno release 1.10.2.

CNA Affected

[
  {
    "product": "deno",
    "vendor": "denoland",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.10.2"
      }
    ]
  }
]

References

github.com/denoland/deno/security/advisories/GHSA-xpwj-7v8q-mcgj

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

JSON

Related for CVELIST:CVE-2021-32619