Description
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.
Remediation
References
https://github.com/yarnpkg/yarn/pull/7831
https://hackerone.com/reports/730239
Related Vulnerabilities
CVE-2022-36093 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2021-23386 Vulnerability in npm package dns-packet
CVE-2023-26480 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livedata-webjar
CVE-2022-23437 Vulnerability in maven package xerces:xercesimpl
CVE-2023-46131 Vulnerability in maven package org.grails:grails-web-common