Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-5XF4-F2FQ-F69J
HistoryFeb 14, 2020 - 11:10 p.m.

Yarn Improper link resolution before file access (Link Following)

2020-02-1423:10:16
Google
osv.dev
8

0.003 Low

EPSS

Percentile

69.5%

JSON

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted “bin” keys. Existing files could be overwritten depending on the current user permission set.

CPENameOperatorVersion
yarnlt1.22.0

Related

nessus 5
debiancve 1
fedora 2
github 1
redhat 1
openvas 2
ubuntucve 1
cve 1
redhatcve 1
veracode 1
prion 1
osv 1
nvd 1
cvelist 1
photon 6
nessus
nessus
Fedora 30 : nodejs-yarn (2020-7525beefa1)
2020-02-10 00:00:00
Fedora 31 : nodejs-yarn (2020-766ce5adae)
2020-02-10 00:00:00
Photon OS 3.0: Yarn PHSA-2020-3.0-0057
2020-02-20 00:00:00
debiancve
debiancve
CVE-2019-10773
2019-12-16 20:15:14
fedora
fedora
[SECURITY] Fedora 30 Update: nodejs-yarn-1.21.1-1.fc30
2020-02-08 01:39:29
[SECURITY] Fedora 31 Update: nodejs-yarn-1.21.1-1.fc31
2020-02-08 02:04:12
github
github
Yarn Improper link resolution before file access (Link Following)
2020-02-14 23:10:16
redhat
redhat
(RHSA-2020:0475) Important: Red Hat Quay v3.2.1 security update
2020-02-11 18:23:36
openvas
openvas
Fedora: Security Advisory for nodejs-yarn (FEDORA-2020-766ce5adae)
2020-02-08 00:00:00
Fedora: Security Advisory for nodejs-yarn (FEDORA-2020-7525beefa1)
2020-02-08 00:00:00
ubuntucve
ubuntucve
CVE-2019-10773
2019-12-16 00:00:00
cve
cve
CVE-2019-10773
2019-12-16 20:15:14
redhatcve
redhatcve
CVE-2019-10773
2020-01-06 23:08:57
veracode
veracode
Unauthorized File Access
2019-12-16 01:26:56
prion
prion
Design/Logic Flaw
2019-12-16 20:15:00
osv
osv
CVE-2019-10773
2019-12-16 20:15:14
nvd
nvd
CVE-2019-10773
2019-12-16 20:15:14
cvelist
cvelist
CVE-2019-10773
2019-12-16 19:31:34
photon
photon
Important Photon OS Security Update - PHSA-2020-0057
2020-02-14 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0200
2020-01-14 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0057
2020-02-14 00:00:00

0.003 Low

EPSS

Percentile

69.5%

JSON
Related for OSV:GHSA-5XF4-F2FQ-F69J
nessus5debiancve1fedora2github1redhat1openvas2ubuntucve1cve1redhatcve1veracode1prion1osv1nvd1cvelist1photon6