Vulnerability DatabaseCVE-2022-24783

CVE-2022-24783:
Rust vulnerability analysis and mitigation

Overview

Deno, a runtime for JavaScript and TypeScript, was found to contain a critical security vulnerability between versions 1.18.0 and 1.20.2. The vulnerability (CVE-2022-24783) allowed malicious actors controlling code executed in a Deno runtime to bypass all permission checks and execute arbitrary shell code. The vulnerability was discovered and disclosed on March 25, 2022, and was patched in version 1.20.3. This security issue did not affect users of Deno Deploy (GitHub Advisory).

Technical details

The vulnerability stemmed from certain FFI (Foreign Function Interface) operations not correctly implementing permission checks, which could lead to unauthorized code execution. The issue was assigned a CVSS v3.1 base score of 10.0 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. The vulnerability was classified under CWE-863 (Incorrect Authorization) and CWE-269 (Improper Privilege Management) (NVD).

Impact

The vulnerability allowed attackers to bypass all permission checks in the Deno runtime, potentially leading to the execution of arbitrary shell code. This represented a significant security risk as it could enable unauthorized access and execution of malicious code on affected systems (GitHub Advisory).

Mitigation and workarounds

The vulnerability was patched in Deno version 1.20.3. No workarounds were available, and all users were recommended to upgrade to version 1.20.3 immediately (GitHub Advisory).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

10

Score

Published March 25, 2022

Severity CRITICAL

CNA Score 10.0

Affected Technologies

Rust
NixOS

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 57.8

Exploitation Probability (EPSS) 0.4

Affected packages and libraries

deno

Sources

NVD
Chainguard
- Chainguard No FixAdded at: Sep 03, 2025
GitHub Advisory Database
- Rust Severity CRITICALHas FixAdded at: Dec 26, 2024
Homebrew
- Homebrew Severity CRITICALHas FixAdded at: Feb 12, 2024
Nix
- Nix Severity CRITICALHas FixAdded at: Nov 01, 2023
Wolfi
- Wolfi No FixAdded at: Sep 01, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Rust vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-22257	HIGH	8.8	Rust	salvo	No	Yes	Jan 08, 2026
CVE-2026-22698	HIGH	8.7	Rust	sm2	No	No	Jan 10, 2026
CVE-2026-22699	HIGH	7.5	Rust	sm2	No	No	Jan 10, 2026
GHSA-g59m-gf8j-gjf5	LOW	3.7	Rust	aws-sdk-neptunedata	No	Yes	Jan 08, 2026
GHSA-585q-cm62-757j	LOW	2	Rust	mnl	No	No	Jan 09, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2022-24783: Rust vulnerability analysis and mitigation