How severe is CVE-2023-28446?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2023-28446?

This is classified as CWE-150, which is a common weakness in software security.

CVE-2023-28446 - HIGH Severity | CVSS 8.8

Vulnerability Description

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a `op_spawn_child` or `op_kill` prompt and replace it with any desired text. This works with any command on the respective platform, giving the program the full ability to choose what program they wanted to run. This problem can not be exploited on systems that do not attach an interactive prompt (for example headless servers). This issue has been patched in version 1.31.2.

Related Vulnerabilities

CVE-2023-30844

HIGH

CVSS:8.8(High)

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in `mutagen` and prior to version 0.17.1 in `mutagen-compose`, Mutag...

CWE-1502023

CVE-2025-0975

HIGH

CVSS:8.8(High)

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.

CWE-1502025

CVE-2023-40185

HIGH

CVSS:8.6(High)

shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the...

CWE-1502023

CVE-2017-0899

CRITICAL

CVSS:9.8(Critical)

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequen...

CWE-1502017

CVE-2023-3265

CRITICAL

CVSS:9.8(Critical)

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "...

CWE-1502023

CVE-2025-25286

CRITICAL

CVSS:9.8(Critical)

Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish version 4.1.0, remote code execution may be possible in web-accessibl...

CWE-1502025