Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, `deno run --allow-read --deny-read main.ts` results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions given as `--allow-* --deny-*`. This only affects a nonsensical combination of flags, so there shouldn't be a real impact on the userbase. Users may upgrade to version 2.1.13, 2.2.13, or 2.3.2 to receive a patch.
References
Link | Resource |
---|---|
https://github.com/denoland/deno/commit/2f0fae9d9071dcaf0a689bc7097584b1b9ebc8db | Patch |
https://github.com/denoland/deno/commit/9d665572d3cd39f997e29e6daac7c1102fc5c04f | Patch |
https://github.com/denoland/deno/commit/ef315b56c26c9ef5f25284a5100d2ed525a148cf | Patch |
https://github.com/denoland/deno/pull/22894 | Issue Tracking Patch |
https://github.com/denoland/deno/pull/29213 | Issue Tracking Patch |
https://github.com/denoland/deno/security/advisories/GHSA-xqxc-x6p3-w683 | Exploit Vendor Advisory |
https://github.com/denoland/deno/security/advisories/GHSA-xqxc-x6p3-w683 | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
02 Jul 2025, 14:05
Type | Values Removed | Values Added |
---|---|---|
First Time |
Deno deno
Deno |
|
References | () https://github.com/denoland/deno/commit/2f0fae9d9071dcaf0a689bc7097584b1b9ebc8db - Patch | |
References | () https://github.com/denoland/deno/commit/9d665572d3cd39f997e29e6daac7c1102fc5c04f - Patch | |
References | () https://github.com/denoland/deno/commit/ef315b56c26c9ef5f25284a5100d2ed525a148cf - Patch | |
References | () https://github.com/denoland/deno/pull/22894 - Issue Tracking, Patch | |
References | () https://github.com/denoland/deno/pull/29213 - Issue Tracking, Patch | |
References | () https://github.com/denoland/deno/security/advisories/GHSA-xqxc-x6p3-w683 - Exploit, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:* |
05 Jun 2025, 20:12
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
04 Jun 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-04 20:15
Updated : 2025-07-02 14:05
NVD link : CVE-2025-48888
Mitre link : CVE-2025-48888
CVE.ORG link : CVE-2025-48888
JSON object : View
Products Affected
deno
- deno
CWE
CWE-863
Incorrect Authorization