Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, ``CreateProcess()`` always implicitly spawns ``cmd.exe`` if a batch file (.bat, .cmd, etc.) is being executed even if the application does not specify it via the command line. This makes Deno vulnerable to a command injection attack on Windows. Versions 2.5.3 and 2.2.15 fix the issue.
References
Configurations
No configuration.
History
08 Oct 2025, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-10-08 02:15
Updated : 2025-10-08 19:38
NVD link : CVE-2025-61787
Mitre link : CVE-2025-61787
CVE.ORG link : CVE-2025-61787
JSON object : View
Products Affected
No product.
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')