Home > Vulnerability Database > CVE-2021-41641

Mend.io Vulnerability Database

CVE-2021-41641

Date: June 12, 2022

Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory. After conducting further research, Mend has determined that all versions of deno up to version 1.16.0 are vulnerable to CVE-2021-41641.

Language: RUST

Severity Score

8.4

Related Resources (6)

Url: https://github.com/denoland/deno/pull/12554

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-41641

Url: https://github.com/denoland/deno/issues/12152

Url: https://hackers.report/report/614876917a7b150012836bb8

Url: https://github.com/denoland/deno/commit/d44011a69e0674acfa9c59bd7ad7f0523eb61d42

Url: https://www.mend.io/vulnerability-database/CVE-2021-41641

Severity Score

8.4

Weakness Type (CWE)

Improper Link Resolution Before File Access ('Link Following')

CWE-59

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	3.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-41641

Date: June 12, 2022

Language: RUST

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?