CVE-2025-48935
Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using `ATTACH DATABASE` statement. Version 2.2.5 contains a patch for the issue.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Produtos afetados
denoland · denoQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →