Description
This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality.
Remediation
References
https://github.com/cliftonc/calipso
https://snyk.io/vuln/SNYK-JS-CALIPSO-1300555
Related Vulnerabilities
CVE-2023-45884 Vulnerability in npm package openmct
CVE-2017-2599 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-21213 Vulnerability in npm package mout
CVE-2018-1000008 Vulnerability in maven package org.jvnet.hudson.plugins:pmd
CVE-2020-2214 Vulnerability in maven package org.jenkins-ci.plugins:zap-pipeline