{"id":"CVE-2021-41641","details":"Deno \u003c=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory.","aliases":["GHSA-67hm-27mx-9cg7"],"modified":"2026-04-10T04:38:41.391877Z","published":"2022-06-12T13:15:07.747Z","references":[{"type":"REPORT","url":"https://github.com/denoland/deno/issues/12152"},{"type":"EVIDENCE","url":"https://hackers.report/report/614876917a7b150012836bb8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/denoland/deno","events":[{"introduced":"1567c1013cc8ff12cf039137792da66a1d0015b5"},{"last_affected":"f92cc66f0dbf8e9753f2e98d4469190f3b561eb0"}],"database_specific":{"versions":[{"introduced":"1.10.3"},{"last_affected":"1.14.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41641.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"}]}