Lucene search
SnykCVELIST:CVE-2019-10773HistoryDec 16, 2019 - 7:31 p.m.
CVE-2019-10773
2019-12-1619:31:34
snyk
www.cve.org
In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted “bin” keys. Existing files could be overwritten depending on the current user permission set.
CNA Affected
[
{
"product": "Yarn",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 1.21.1"
}
]
}
]References
access.redhat.com/errata/RHSA-2020:0475
blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/
github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7
github.com/yarnpkg/yarn/issues/7761#issuecomment-565493023
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HIZW4NZVV5QY5WWGW2JRP3FHYKZ6ZJ5/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITY5BC63CCC647DFNUQRQ5AJDKUKUNBI/
snyk.io/vuln/SNYK-JS-YARN-537806%2C
Related
nessus
nessus
Fedora 30 : nodejs-yarn (2020-7525beefa1)
2020-02-10 00:00:00
Fedora 31 : nodejs-yarn (2020-766ce5adae)
2020-02-10 00:00:00
Photon OS 3.0: Yarn PHSA-2020-3.0-0057
2020-02-20 00:00:00
debiancve
debiancve
CVE-2019-10773
2019-12-16 20:15:14
osv
osv
Yarn Improper link resolution before file access (Link Following)
2020-02-14 23:10:16
CVE-2019-10773
2019-12-16 20:15:14
fedora
fedora
[SECURITY] Fedora 30 Update: nodejs-yarn-1.21.1-1.fc30
2020-02-08 01:39:29
[SECURITY] Fedora 31 Update: nodejs-yarn-1.21.1-1.fc31
2020-02-08 02:04:12
github
github
Yarn Improper link resolution before file access (Link Following)
2020-02-14 23:10:16
redhat
redhat
(RHSA-2020:0475) Important: Red Hat Quay v3.2.1 security update
2020-02-11 18:23:36
openvas
openvas
Fedora: Security Advisory for nodejs-yarn (FEDORA-2020-766ce5adae)
2020-02-08 00:00:00
Fedora: Security Advisory for nodejs-yarn (FEDORA-2020-7525beefa1)
2020-02-08 00:00:00
ubuntucve
ubuntucve
CVE-2019-10773
2019-12-16 00:00:00
cve
cve
CVE-2019-10773
2019-12-16 20:15:14
redhatcve
redhatcve
CVE-2019-10773
2020-01-06 23:08:57
veracode
veracode
Unauthorized File Access
2019-12-16 01:26:56
prion
prion
Design/Logic Flaw
2019-12-16 20:15:00
nvd
nvd
CVE-2019-10773
2019-12-16 20:15:14
photon
photon
Important Photon OS Security Update - PHSA-2020-0057
2020-02-14 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0200
2020-01-14 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0057
2020-02-14 00:00:00