Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

The deno core exposes an op_panic in the base runtime which can force a panic in the runtime's containing thread #31

Open
rscarson opened this issue Jul 18, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@rscarson
Copy link
Contributor

rscarson commented Jul 18, 2024

See [rscarson/rustyscript/issues/174]

A new review of available-by-default ops has revealed Deno.core.ops.op_panic, which when called forces a panic in the thread containing the runtime, violating the sandbox and possibly triggering a DOS.

This can be fixed by stubbing out the panic op:

Deno.core.ops.op_panic = (msg) => { throw new Error(msg) };
@rscarson rscarson changed the title Vulnerability: The deno core exposes an op_panic in the base runtime which can force a panic in the runtime's containing thread The deno core exposes an op_panic in the base runtime which can force a panic in the runtime's containing thread Jul 18, 2024
@Bromeon Bromeon added the bug Something isn't working label Jul 19, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants