CVE - CVE-2024-27933

CVE-ID
CVE-2024-27933	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node child_process IPC relies on the JS side to pass the raw IPC file descriptor to `op_node_ipc_pipe()`, which returns a `IpcJsonStreamResource` ID associated with the file descriptor. On closing the resource, the raw file descriptor is closed together. Use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors. This allow standard input (fd 0) to be closed and re-opened for a different resource, which allows a silent permission prompt bypass. This is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. This bug is known to be exploitable. There is a working exploit that achieves arbitrary code execution by bypassing prompts from zero permissions, additionally abusing the fact that Cache API lacks filesystem permission checks. The attack can be conducted silently as stderr can also be closed, suppressing all prompt outputs. Version 1.39.1 fixes the bug.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L214 URL:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L214 MISC:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L220 URL:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L220 MISC:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L225 URL:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L225 MISC:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L241 URL:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L241 MISC:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L256 URL:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L256 MISC:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L265 URL:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L265 MISC:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L99 URL:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L99 MISC:https://github.com/denoland/deno/commit/55fac9f5ead6d30996400e8597c969b675c5a22b URL:https://github.com/denoland/deno/commit/55fac9f5ead6d30996400e8597c969b675c5a22b MISC:https://github.com/denoland/deno/commit/5a91a065b882215dde209baf626247e54c21a392 URL:https://github.com/denoland/deno/commit/5a91a065b882215dde209baf626247e54c21a392 MISC:https://github.com/denoland/deno/security/advisories/GHSA-6q4w-9x56-rmwq URL:https://github.com/denoland/deno/security/advisories/GHSA-6q4w-9x56-rmwq
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20240228	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240228)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)