Description
This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality.
Remediation
References
https://github.com/cliftonc/calipso
https://snyk.io/vuln/SNYK-JS-CALIPSO-1300555
Related Vulnerabilities
CVE-2022-25345 Vulnerability in npm package @discordjs/opus
CVE-2021-22569 Vulnerability in maven package com.google.protobuf:protobuf-java
CVE-2023-46122 Vulnerability in maven package org.scala-sbt:io_3
CVE-2018-16492 Vulnerability in maven package org.webjars.npm:extend
CVE-2019-1003059 Vulnerability in maven package org.jvnet.hudson.plugins:ftppublisher