
9 matches found

OSV
added 2026/04/14 1:10 p.m., 4 views

JLSEC-2026-112 Deno's --deny-read check does not prevent permission bypass

Summary: Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user does not have explicit read access to (the script is executed with --deny-read=./). Similar APIs like Deno.stat a...

CVSS 3.3, AI score 5.8, EPSS 0.00178
Exploits: 1, References: 7

RedhatCVE
added 2025/10/09 1:13 a.m., 4 views

CVE-2025-61786

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user does not have explic...

CVSS 3.3, AI score 6.5, EPSS 0.00178
Exploits: 1, References: 1

OSV
added 2025/10/08 5:56 p.m., 6 views

GHSA-QQ26-84MH-26J9 Deno's --deny-read check does not prevent permission bypass

Summary: Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user does not have explicit read access to (the script is executed with --deny-read=./). Similar APIs like Deno.stat a...

CVSS 3.3, AI score 6.7, EPSS 0.00178
Exploits: 1, References: 7

NVD
added 2025/10/08 1:15 a.m., 4 views

CVE-2025-61786

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user does not have explic...

CVSS 3.3, EPSS 0.00178
Exploits: 1, References: 5

Cvelist
added 2025/10/08 12:49 a.m., 8 views

CVE-2025-61786 Deno's --deny-read check does not prevent permission bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user does not have explic...

CVSS 3.3, EPSS 0.00178
Exploits: 1, References: 5

AlpineLinux
added 2025/10/08 12:49 a.m., 3 views

CVE-2025-61786

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user does not have explic...

CVSS 3.3, AI score 6.6, EPSS 0.00178
Exploits: 1, References: 5

SUSE CVE
added 2024/07/10 3:36 a.m., 5 views

SUSE CVE-2024-22018

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...

CVSS 2.8, AI score 8.3, EPSS 0.00458
Exploits: 0, References: 6

OSV
added 2022/06/03 8:26 a.m., 11 views

SUSE-SU-2022:1932-1 Security update for patch

This update for patch fixes the following issues: Security fixes: - CVE-2019-13636: Fixed mishandled following of symlinks in certain cases other than input files bsc1142041. - CVE-2018-6952: Fixed double free of memory in pch.c:anotherhunk bsc1080985. Bugfixes: - Pass the correct stat to backup...

CVSS 7.5, AI score 6.5, EPSS 0.08411
Exploits: 0, References: 7

CNVD
added 2017/11/17 12:0 a.m., 1 views

FreeBSD Information Disclosure Vulnerability (CNVD-2017-37251)

FreeBSD is a set of Unix-like free operating systems in the FreeBSD project, headed by the Core Team, and is an important branch of Unix-like systems that have evolved through BSD, 386BSD, and 4.4BSD. A security vulnerability exists in FreeBSD that stems from a program failing to properly...

CVSS 3.3, AI score 6.8, EPSS 0.00386
Exploits: 0, References: 1