4 matches found
CVE-2025-61785
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtim...
CVE-2025-61785 Deno's --deny-write check does not prevent permission bypass
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtim...
Deno's --deny-write check does not prevent permission bypass
Summary Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtime times on the file stream resource even when the file is opened with read only permission...
kernel: fix permission checking in sys_utimensat
The utimensat system call sysutimensat in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIMENOW and UTIMEOMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service...