4 matches found
CVE-2024-27933
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...
SUSE CVE-2024-27933
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...
CVE-2024-27933
Summary: CVE-2024-27933 affects Deno 1.39.0, where use of raw file descriptors in op_node_ipc_pipe() can prematurely close arbitrary fds, enabling silent permission-prompt bypass and potential arbitrary code execution on the host when an attacker controls code in the Deno runtime. The issue arise...
CVE-2024-27933 Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...