CVE-2023-28446: 
Rust vulnerability analysis and mitigation

CVE-2023-28446 affects Deno, a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. The vulnerability was discovered in versions 1.8.0 through 1.31.1 and was patched in version 1.31.2. The issue allows malicious programs to manipulate the interactive permission prompt through improper ANSI filtering in op_spawn_child or op_kill operations (GitHub Advisory).

The vulnerability stems from insufficient ANSI filtering in program names, which allows attackers to clear the first two lines of permission prompts and replace them with arbitrary text. This affects both op_spawn_child and op_kill operations. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating high impact on confidentiality, integrity, and availability (NVD).

The vulnerability enables malicious programs to spoof interactive permission prompts, potentially tricking users into granting access to unintended commands. An attacker can manipulate the prompt to display any desired program name, giving them the ability to execute arbitrary commands on the affected system. However, this exploitation is only possible on systems with interactive prompts and cannot be exploited on headless servers (GitHub Advisory).

The vulnerability has been patched in Deno version 1.31.2. Users are strongly advised to upgrade to this version or later to mitigate the risk. For versions prior to v1.31.0, the vulnerability requires the --unstable flag to be exploited (GitHub Advisory, Deno Release).