exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2019-10773

около 6 лет назад

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.

CVSS3: 7.8

EPSS: Низкий

CVE-2019-10773

около 6 лет назад

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.

CVSS3: 7.8

EPSS: Низкий

CVE-2019-10773

около 6 лет назад

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.

CVSS3: 7.8

EPSS: Низкий

CVE-2019-10773

около 6 лет назад

In Yarn before 1.21.1, the package install functionality can be abused ...

CVSS3: 7.8

EPSS: Низкий

GHSA-5xf4-f2fq-f69j

почти 6 лет назад

Yarn Improper link resolution before file access (Link Following)

CVSS3: 7.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2019-10773 In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.	CVSS3: 7.8	1% Низкий	около 6 лет назад
CVE-2019-10773 In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.	CVSS3: 7.8	1% Низкий	около 6 лет назад
CVE-2019-10773 In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.	CVSS3: 7.8	1% Низкий	около 6 лет назад
CVE-2019-10773 In Yarn before 1.21.1, the package install functionality can be abused ...	CVSS3: 7.8	1% Низкий	около 6 лет назад
GHSA-5xf4-f2fq-f69j Yarn Improper link resolution before file access (Link Following)	CVSS3: 7.8	1% Низкий	почти 6 лет назад

Уязвимостей на страницу