DEBIAN-CVE-2020-8131

DEBIAN-CVE-2020-8131 PUBLISHED CVSS 7.5 HIGH

Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	node-yarnpkg	0, 0, 0
Debian:14	node-yarnpkg	0, 0, 0
Debian:12	node-yarnpkg	0, 0, 0
Debian:13	node-yarnpkg	0, 0, 0

Timeline

Feb 24, 2020 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-8131 advisory

Open in Interactive Console →