Описание
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 1.22.4-2 |
| eoan | ignored | end of life |
| esm-apps/focal | not-affected | 1.22.4-2 |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | 1.22.4-2 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | needs-triage |
Показывать по
5.1 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...
5.1 Medium
CVSS2
7.5 High
CVSS3