Deno Database Permission Bypass Vulnerability in SQLite Integration

Vulnerability

A vulnerability exists in Deno versions from 2.2.0 up to, but not including, 2.2.5 that allows users to bypass the runtime's read and write database permission checks. This is achieved by using the 'ATTACH DATABASE' statement within the 'node:sqlite' module. The issue has been addressed in Deno version 2.2.5.

Impact

Exploitation of this vulnerability allows for unauthorized read and write operations on SQLite databases, potentially leading to data manipulation or corruption.

Reproduction

To reproduce this vulnerability, create a script that imports the 'node:sqlite' module and establishes a database connection. Use the 'ATTACH DATABASE' statement to attach a new database file, bypassing Deno's permission checks. After attaching the database, it is possible to execute further SQL commands that could manipulate or access data in ways that should be restricted.

Remediation

Users can upgrade to Deno version 2.2.5 or later to address this vulnerability.
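
The following is an added example, not code from this advisory or from the Deno project: it checks whether a runtime falls in the affected range stated above and lists scripts that use 'node:sqlite' together with an ATTACH statement, so they can be reviewed after upgrading. The function names, sample version string and sample file contents are constructed for illustration, and the ATTACH match is a text heuristic.

```javascript
// Affected range from the advisory: 2.2.0 <= version < 2.2.5.
const FIRST_AFFECTED = [2, 2, 0];
const FIRST_FIXED = [2, 2, 5];

// Extract [major, minor, patch] from `deno --version` output.
function parseDenoVersion(versionOutput) {
  const m = /^deno (\d+)\.(\d+)\.(\d+)/m.exec(versionOutput);
  if (!m) throw new Error("unrecognized deno --version output");
  return m.slice(1, 4).map(Number);
}

// Component-wise numeric comparison, so 2.10.0 sorts after 2.2.5.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

function isAffected(version) {
  return compareVersions(version, FIRST_AFFECTED) >= 0 &&
    compareVersions(version, FIRST_FIXED) < 0;
}

// Heuristic: source imports node:sqlite and contains ATTACH [DATABASE] ... AS.
function usesAttach(source) {
  return /["']node:sqlite["']/.test(source) &&
    /\bATTACH\s+(?:DATABASE\s+)?[^;]*?\bAS\b/i.test(source);
}

// Report the runtime status and the files to review for ATTACH usage.
function audit(versionOutput, files) {
  const version = parseDenoVersion(versionOutput);
  const attachUsers = Object.keys(files).filter((n) => usesAttach(files[n]));
  return { version: version.join("."), affected: isAffected(version), attachUsers };
}

// Constructed sample inputs (not taken from the advisory).
const SAMPLE_VERSION_OUTPUT = "deno 2.2.4 (stable, release, x86_64-unknown-linux-gnu)";
const SAMPLE_FILES = {
  "report.ts": `import { DatabaseSync } from "node:sqlite";
new DatabaseSync("app.db").exec("SELECT 1");`,
  "merge.ts": `import { DatabaseSync } from "node:sqlite";
new DatabaseSync("app.db").exec("ATTACH DATABASE 'other.db' AS other");`,
};

console.log(audit(SAMPLE_VERSION_OUTPUT, SAMPLE_FILES));
```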

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 0.6
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.