cvelist/2019/10xxx/CVE-2019-10773.json

{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10773",
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Yarn",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 1.21.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-YARN-537806",
"url": "https://snyk.io/vuln/SNYK-JS-YARN-537806"
},
{
"refsource": "MISC",
"name": "https://github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7",
"url": "https://github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/yarnpkg/yarn/issues/7761#issuecomment-565493023",
"url": "https://github.com/yarnpkg/yarn/issues/7761#issuecomment-565493023"
},
{
"refsource": "MISC",
"name": "https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/",
"url": "https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-766ce5adae",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITY5BC63CCC647DFNUQRQ5AJDKUKUNBI/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-7525beefa1",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HIZW4NZVV5QY5WWGW2JRP3FHYKZ6ZJ5/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0475",
"url": "https://access.redhat.com/errata/RHSA-2020:0475"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted \"bin\" keys. Existing files could be overwritten depending on the current user permission set."
}
]
}
}