CVE-2020-8131 Vulnerability in maven package org.webjars.npm:yarn

Description

Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.

Remediation

References

https://github.com/yarnpkg/yarn/pull/7831

https://hackerone.com/reports/730239

Related Vulnerabilities

CVE-2016-8747 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2022-25851 Vulnerability in maven package org.webjars.npm:jpeg-js

CVE-2018-1000118 Vulnerability in npm package electron

CVE-2016-0791 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-46907 Vulnerability in maven package org.apache.jspwiki:jspwiki-main

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H