Description
This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality.
Remediation
References
https://github.com/cliftonc/calipso
https://snyk.io/vuln/SNYK-JS-CALIPSO-1300555
Related Vulnerabilities
CVE-2023-5654 Vulnerability in npm package react-devtools
CVE-2020-28452 Vulnerability in maven package com.softwaremill.akka-http-session:core_2.11
CVE-2022-41918 Vulnerability in maven package org.opensearch.plugin:opensearch-security
CVE-2016-10735 Vulnerability in maven package org.ow2.jonas:bootstrap