admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2020/8xxx/CVE-2020-8131.json
CVE Team 2fa71d7eb2
"-Synchronized-Data."
2020-02-28 20:01:12 +00:00

67 lines
2.0 KiB
JSON
Raw Blame History

{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8131",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "yarn",
"version": {
"version_data": [
{
"version_value": "Fixed Version: 1.22.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/730239",
"url": "https://hackerone.com/reports/730239"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/yarnpkg/yarn/pull/7831",
"url": "https://github.com/yarnpkg/yarn/pull/7831"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package."
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink