CVE-2024-27934 Information
Description
Deno is a JavaScript TypeScript and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3 use of inherently unsafe const c_void and ExternalPointer leads to use-after-free access of the underlying structure resulting in arbitrary code execution. Use of inherently unsafe const c_void and ExternalPointer leads to use-after-free access of the underlying structure which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. This bug is known to be exploitable for both const c_void and ExternalPointer implementations. Version 1.40.3 fixes this issue.
Reference
https://github.com/denoland/deno/security/advisories/GHSA-3j27-563v-28wf
Share on: