2 matches found
JLSEC-2026-105 Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Summary A maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Details In the patch for CVE-2023-28446, Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to t...
CVE-2023-28446
CVE-2023-28446 affects the Deno runtime and allows a malicious program to spoof the interactive permission prompts (op_spawn_child/op_kill) by inserting or abusing ANSI escape sequences, causing the prompt to display one text while granting another. Root cause: inadequate ANSI filtering in the pe...