QwikSec

Security Database

CVE

CWE

Training

CVE-2024-52793

Published: Nov 22, 2024

Modified: Nov 26, 2024

PUBLISHED

Description

The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, `http/file-server`'s `serveDir` with `showDirListing: true` option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names. Exploitation might also be possible on other systems but less trivial due to e.g. lack of file name support for `<>` in Windows. Version 1.0.11 fixes the issue.

Vendor	Product	Versions
denoland	std	affected `< 1.0.11`

Weaknesses (CWE)

References

https://github.com/denoland/std/security/advisories/GHSA-32fx-h446-h8pf

x_refsource_CONFIRM

https://github.com/denoland/std/blob/065296ca5a05a47f9741df8f99c32fae4f960070/http/file_server.ts#L507

x_refsource_MISC

https://github.com/denoland/std/blob/065296ca5a05a47f9741df8f99c32fae4f960070/http/file_server.ts#L532

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2024-52793 - Security Vulnerability | QwikSec