Lucene search
GoogleOSV:CVE-2019-10773HistoryDec 16, 2019 - 8:15 p.m.
CVE-2019-10773
2019-12-1620:15:14
Google
osv.dev
7
In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted “bin” keys. Existing files could be overwritten depending on the current user permission set.
References
access.redhat.com/errata/RHSA-2020:0475
blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/
github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7
github.com/yarnpkg/yarn/issues/7761#issuecomment-565493023
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HIZW4NZVV5QY5WWGW2JRP3FHYKZ6ZJ5/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITY5BC63CCC647DFNUQRQ5AJDKUKUNBI/
snyk.io/vuln/SNYK-JS-YARN-537806%2C
Related
github
github
Yarn Improper link resolution before file access (Link Following)
2020-02-14 23:10:16
fedora
fedora
[SECURITY] Fedora 30 Update: nodejs-yarn-1.21.1-1.fc30
2020-02-08 01:39:29
[SECURITY] Fedora 31 Update: nodejs-yarn-1.21.1-1.fc31
2020-02-08 02:04:12
osv
osv
Yarn Improper link resolution before file access (Link Following)
2020-02-14 23:10:16
nessus
nessus
Fedora 30 : nodejs-yarn (2020-7525beefa1)
2020-02-10 00:00:00
Fedora 31 : nodejs-yarn (2020-766ce5adae)
2020-02-10 00:00:00
Photon OS 2.0: Yarn PHSA-2020-2.0-0200
2020-01-16 00:00:00
debiancve
debiancve
CVE-2019-10773
2019-12-16 20:15:14
openvas
openvas
Fedora: Security Advisory for nodejs-yarn (FEDORA-2020-7525beefa1)
2020-02-08 00:00:00
Fedora: Security Advisory for nodejs-yarn (FEDORA-2020-766ce5adae)
2020-02-08 00:00:00
cvelist
cvelist
CVE-2019-10773
2019-12-16 19:31:34
ubuntucve
ubuntucve
CVE-2019-10773
2019-12-16 00:00:00
redhat
redhat
(RHSA-2020:0475) Important: Red Hat Quay v3.2.1 security update
2020-02-11 18:23:36
cve
cve
CVE-2019-10773
2019-12-16 20:15:14
prion
prion
Design/Logic Flaw
2019-12-16 20:15:00
redhatcve
redhatcve
CVE-2019-10773
2020-01-06 23:08:57
veracode
veracode
Unauthorized File Access
2019-12-16 01:26:56
nvd
nvd
CVE-2019-10773
2019-12-16 20:15:14
photon
photon
Important Photon OS Security Update - PHSA-2020-0057
2020-02-14 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0200
2020-01-14 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0057
2020-02-14 00:00:00