Description
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.
Remediation
References
https://github.com/yarnpkg/yarn/pull/7831
https://hackerone.com/reports/730239
Related Vulnerabilities
CVE-2016-6796 Vulnerability in maven package tomcat:jasper
CVE-2023-1370 Vulnerability in maven package net.minidev:json-smart
CVE-2022-31139 Vulnerability in maven package io.github.karlatemp:unsafe-accessor
CVE-2021-32860 Vulnerability in npm package izimodal
CVE-2021-27516 Vulnerability in maven package org.webjars.npm:urijs