Vulnerability Database

296,733

Total vulnerabilities in the database

CVE-2021-41641

Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory.

Published: Jun 12, 2022
Updated: May 9, 2024
CVE: CVE-2021-41641
GHSA: GHSA-67hm-27mx-9cg7
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.4
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-59

Affected Software
References

Software	From	Fixed in
deno / deno	1.10.3	1.14.0.x
deno	-	1.16.0

https://github.com/denoland/deno/commit/d44011a69e0674acfa9c59bd7ad7f0523eb61d42
https://github.com/denoland/deno/issues/12152
https://github.com/denoland/deno/pull/12554
https://hackers.report/report/614876917a7b150012836bb8

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo