Description
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.
Remediation
References
https://github.com/yarnpkg/yarn/pull/7831
https://hackerone.com/reports/730239
Related Vulnerabilities
CVE-2022-24772 Vulnerability in npm package node-forge
CVE-2023-30513 Vulnerability in maven package org.csanchez.jenkins.plugins:kubernetes
CVE-2023-22580 Vulnerability in npm package @sequelize/core
CVE-2022-46907 Vulnerability in maven package org.apache.jspwiki:jspwiki-war
CVE-2022-22963 Vulnerability in maven package org.springframework.cloud:spring-cloud-function-core