Security Advisory

CVE-2019-10773

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-12-16 19:31:34

Last updated 2024-08-04 22:32:01

Assigner snyk

State PUBLISHED

Description

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.

← Browse all CVEs View on cve.org ↗