CVE-2021-41641

Sažetak

Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory.

Reference

https://hackers.report/report/614876917a7b150012836bb8
https://github.com/denoland/deno/issues/12152

CVSS

Base:	3.6
Impact:	4.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

21-06-2022 - 14:47

Objavljeno

12-06-2022 - 13:15