Description
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem, potentially leading to arbitrary code execution, by tricking the user into installing a malicious package.
Remediation
Upgrade Yarn to version 1.22.0 or later (the affected range given above is versions before 1.22.0; see the fix in the referenced pull request).
References
https://hackerone.com/reports/730239
https://github.com/yarnpkg/yarn/pull/7831