Lucene search
Veracode Vulnerability DatabaseVERACODE:22173HistoryDec 16, 2019 - 1:26 a.m.
Unauthorized File Access
2019-12-1601:26:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.003 Low
EPSS
Percentile
69.5%
yarn is vulnerable to unauthorized file overwrite. The vulnerability exists as it was possible to create symlinks to files, using the value of bin, to access files out of the node_modules folder.
References
access.redhat.com/errata/RHSA-2020:0475
blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/
github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7
github.com/yarnpkg/yarn/commit/cefe4c529816f94cfefbb78c1b0d16d7da895b64
github.com/yarnpkg/yarn/issues/7761#issuecomment-565493023
github.com/yarnpkg/yarn/pull/7755
lists.fedoraproject.org/archives/list/[email protected]/message/3HIZW4NZVV5QY5WWGW2JRP3FHYKZ6ZJ5/
lists.fedoraproject.org/archives/list/[email protected]/message/ITY5BC63CCC647DFNUQRQ5AJDKUKUNBI/
Related
osv
osv
Yarn Improper link resolution before file access (Link Following)
2020-02-14 23:10:16
CVE-2019-10773
2019-12-16 20:15:14
fedora
fedora
[SECURITY] Fedora 30 Update: nodejs-yarn-1.21.1-1.fc30
2020-02-08 01:39:29
[SECURITY] Fedora 31 Update: nodejs-yarn-1.21.1-1.fc31
2020-02-08 02:04:12
github
github
Yarn Improper link resolution before file access (Link Following)
2020-02-14 23:10:16
redhat
redhat
(RHSA-2020:0475) Important: Red Hat Quay v3.2.1 security update
2020-02-11 18:23:36
nessus
nessus
Photon OS 3.0: Yarn PHSA-2020-3.0-0057
2020-02-20 00:00:00
Photon OS 2.0: Yarn PHSA-2020-2.0-0200
2020-01-16 00:00:00
Photon OS 1.0: Yarn PHSA-2020-1.0-0264
2020-01-16 00:00:00
openvas
openvas
Fedora: Security Advisory for nodejs-yarn (FEDORA-2020-766ce5adae)
2020-02-08 00:00:00
Fedora: Security Advisory for nodejs-yarn (FEDORA-2020-7525beefa1)
2020-02-08 00:00:00
ubuntucve
ubuntucve
CVE-2019-10773
2019-12-16 00:00:00
cve
cve
CVE-2019-10773
2019-12-16 20:15:14
redhatcve
redhatcve
CVE-2019-10773
2020-01-06 23:08:57
prion
prion
Design/Logic Flaw
2019-12-16 20:15:00
nvd
nvd
CVE-2019-10773
2019-12-16 20:15:14
cvelist
cvelist
CVE-2019-10773
2019-12-16 19:31:34
debiancve
debiancve
CVE-2019-10773
2019-12-16 20:15:14
photon
photon
Important Photon OS Security Update - PHSA-2020-0057
2020-02-14 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0200
2020-01-14 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0057
2020-02-14 00:00:00