Home > Vulnerability Database > CVE-2023-28446

Mend.io Vulnerability Database

CVE-2023-28446

Good to know:

Date: March 24, 2023

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a `op_spawn_child` or `op_kill` prompt and replace it with any desired text. This works with any command on the respective platform, giving the program the full ability to choose what program they wanted to run. This problem can not be exploited on systems that do not attach an interactive prompt (for example headless servers). This issue has been patched in version 1.31.2.

Language: RUST

Severity Score

8.8

Related Resources (5)

Url: https://github.com/denoland/deno/security/advisories/GHSA-vq67-rp93-65qf

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-28446

Url: https://github.com/denoland/deno/blob/7d13d65468c37022f003bb680dfbddd07ea72173/runtime/js/40_process.js#L175

Url: https://github.com/denoland/deno/releases/tag/v1.31.2

Url: https://www.mend.io/vulnerability-database/CVE-2023-28446

Severity Score

8.8

Weakness Type (CWE)

Improper Neutralization of Escape, Meta, or Control Sequences

CWE-150

Top Fix

Upgrade Version

Upgrade to version deno -1.31.2

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-28446

Good to know:

Date: March 24, 2023

Language: RUST

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?