34 matches found
JLSEC-2026-111 Deno's --deny-write check does not prevent permission bypass
Summary Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtime times on the file stream resource even when the file is opened with read only permission...
CVE-2023-45391
A stored cross-site scripting XSS vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...
CVE-2025-61785
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtim...
CVE-2025-61785
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtim...
CVE-2025-61785
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtim...
CVE-2025-61785 Deno's --deny-write check does not prevent permission bypass
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtim...
CVE-2025-61785 Deno's --deny-write check does not prevent permission bypass
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtim...
CVE-2025-61785
Summary : CVE-2025-61785 affects Deno versions prior to 2.5.3 and 2.2.15, where Deno.FsFile.prototype.utime and utimeSync are not properly restricted by --deny-write=./. This allows changing atime/mtime on a read-only opened file even when write is disallowed, bypassing the permission model. The ...
CVE-2025-61785 Deno's --deny-write check does not prevent permission bypass
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtim...
Deno 安全漏洞
Deno is a simple, modern and secure JavaScript and TypeScript runtime environment from Deno Open Source. A security vulnerability exists in Deno versions prior to 2.5.3 and prior to 2.2.15, which stems from the fact that the utime and utimeSync methods are not constrained by the privilege model,...
PT-2025-41208
Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.5.3 Deno versions prior to 2.2.15 Description Deno is a JavaScript, TypeScript, and WebAssembly runtime. The Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync functions are not limited by the...
Deno's --deny-write check does not prevent permission bypass
Summary Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtime times on the file stream resource even when the file is opened with read only permission...
GHSA-VG2R-RMGP-CGQJ Deno's --deny-write check does not prevent permission bypass
Summary Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtime times on the file stream resource even when the file is opened with read only permission...
EUVD-2023-49683
Malicious code in bioql PyPI...
EUVD-2023-49685
Malicious code in bioql PyPI...
CVE-2023-45393
An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
CVE-2023-45393
An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
CVE-2023-45391
A stored cross-site scripting XSS vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...
CVE-2023-45391
A stored cross-site scripting XSS vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...
CVE-2023-45393
An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...