CVE-2020-8131
Published
CVSS v3
7.5
HIGH
CVSS v2
5.1
MEDIUM
Affected
1
PROJECT
Description
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.
The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
GitHub