CVE-2025-61787

High CVSS: 8.1

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, ``CreateProcess()`` always implicitly spawns ``cmd.exe`` if a batch file (.bat, .cmd, etc.) is being executed even if the application does not specify it via the command line. This makes Deno vulnerable to a command injection attack on Windows. Versions 2.5.3 and 2.2.15 fix the issue.

Vendor

Deno

Product

Deno

CWE

CWE-77

Yayın Tarihi

2025-10-08 02:15:41

Güncelleme

2025-10-16 18:14:53

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-77 Deno HIGH Deno 2025

Referanslar

https://github.com/denoland/deno/commit/8a0990ccd37bafd8768176ca64b906ba2da2d822 https://github.com/denoland/deno/pull/30818 https://github.com/denoland/deno/releases/tag/v2.2.15 https://github.com/denoland/deno/releases/tag/v2.5.3 https://github.com/denoland/deno/security/advisories/GHSA-m2gf-x3f6-8hq3

Benzer Kayıtlar

High

CVE-2026-32260

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exist…

High

CVE-2026-27190

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in D…

Critical

CVE-2026-22863

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulner…

High

CVE-2026-22864

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows b…

Low

CVE-2025-61786

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, `Deno.FsFile.prototype…

Low

CVE-2025-61785

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, `Deno.FsFile.prototype…