How severe is CVE-2024-27936?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-27936?

This is classified as CWE-150, which is a common weakness in software security.

CVE-2024-27936 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to the program are based on the contents that contain the ANSI escape sequences. Any Deno program can spoof the content of the interactive permission prompt by inserting a broken ANSI code, which allows a malicious Deno program to display the wrong file path or program name to the user. Version 1.41.0 of the deno library contains a patch for the issue.

Related Vulnerabilities

CVE-2024-9774

MEDIUM

CVSS:6.5(Medium)

A vulnerability was found in python-sql where unary operators do not escape non-Expression.

CWE-1502024

CVE-2025-1692

MEDIUM

CVSS:6.3(Medium)

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary cod...

CWE-1502025

CVE-2024-33899

HIGH

CVSS:7.1(High)

RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.

CWE-1502024

CVE-2024-36052

HIGH

CVSS:7.5(High)

RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.

CWE-1502024

CVE-2025-30089

MEDIUM

CVSS:5.4(Medium)

gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences.

CWE-1502025

CVE-2022-30123

CRITICAL

CVSS:10.0(Critical)

A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.

CWE-1502022