CVE-2025-48935

Medium CVSS: 5.5

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using `ATTACH DATABASE` statement. Version 2.2.5 contains a patch for the issue.

Vendor

Deno

Product

Deno

CWE

CWE-863

Yayın Tarihi

2025-06-04 20:15:24

Güncelleme

2025-07-02 13:17:12

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-863 Deno MEDIUM Deno 2025

Referanslar

https://github.com/denoland/deno/commit/31a97803995bd94629528ba841b2418d3ca01860 https://github.com/denoland/deno/security/advisories/GHSA-8vxj-4cph-c596

Benzer Kayıtlar

High

CVE-2026-32260

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exist…

High

CVE-2026-27190

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in D…

Critical

CVE-2026-22863

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulner…

High

CVE-2026-22864

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows b…

High

CVE-2025-61787

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command…

Low

CVE-2025-61786

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, `Deno.FsFile.prototype…