An arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem, potentially leading to arbitrary code execution, by forcing the user to install a malicious package.
References
| Link | Resource |
|---|---|
| https://github.com/yarnpkg/yarn/pull/7831 | Patch, Third Party Advisory |
| https://hackerone.com/reports/730239 | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2020-02-24T14:41:23
Updated: 2020-02-28T19:29:35
Reserved: 2020-01-28T00:00:00
Link: CVE-2020-8131
NVD Information
Status: Analyzed
Published: 2020-02-24T15:15:12.020
Modified: 2020-03-24T14:47:04.697
Link: CVE-2020-8131
Redhat Information
No data.
CWE