ГлавнаяУязвимости → CVE-2026-49401
7.3высокая

CVE-2026-49401

Описание

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done at the raw-byte level while the APFS filesystem treats different Unicode spellings of the same name as the same file. That means a program could reach a denied path by spelling it differently than the deny rule. This vulnerability is fixed in 2.7.14.

Затрагиваемое ПО
Deno DenoApple Macos
CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N
Источники
https://github.com/denoland/deno/security/advisories/GHSA-8xpq-cjcf-3wh9