H1-730239 — Vulnetix

H1-730239 PUBLISHED CVSS 6.099999904632568 MEDIUM

Filesystem Writes via `yarn install` via symlinks and tar transforms inside a crafted malicious package

Risk Scores

CVSS 3.1

6.099999904632568

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N

Exploit Intelligence

Filesystem Writes via `yarn install` via symlinks and tar transforms inside a crafted malicious package (hackerone)
Filesystem Writes via `yarn install` via symlinks and tar transforms inside a crafted malicious package (hackerone)

Timeline

Feb 15, 2020 CVE Published
Feb 15, 2020 PoC Published

References

Filesystem Writes via `yarn install` via symlinks and tar transforms inside a crafted malicious package advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›