Home > Vulnerability Database > CVE-2023-33966

Mend.io Vulnerability Database

CVE-2023-33966

Good to know:

Date: May 31, 2023

Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:https` modules are incorrectly not checked against the network permission allow list (`--allow-net`). Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0 are unaffected. Deno Deploy users are unaffected. This problem has been patched in Deno v1.34.1 and deno_runtime 0.114.1 and all users are recommended to update to this version. No workaround is available for this issue.

Language: RUST

Severity Score

9.8

Related Resources (4)

Url: https://github.com/denoland/deno/security/advisories/GHSA-vc52-gwm3-8v2f

Url: https://github.com/denoland/deno/releases/tag/v1.34.1

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-33966

Url: https://www.mend.io/vulnerability-database/CVE-2023-33966

Severity Score

9.8

Weakness Type (CWE)

Incorrect Default Permissions

CWE-276

Top Fix

Upgrade Version

Upgrade to version deno - 1.34.1, deno_runtime - 0.115.0

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-33966

Good to know:

Date: May 31, 2023

Language: RUST

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?