Deno <=1.14.0 File Sandbox Symlink Vulnerability

Deno <=1.14.0 File Sandbox Symlink Vulnerability

CVE-2021-41641 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory.

Learn more about our Web Application Penetration Testing UK.