Risk Scores
CVSS v3.1
6.099999904632568
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
Timeline
- Feb 15, 2020 CVE Published
- Feb 15, 2020 PoC Published
Filesystem Writes via `yarn install` via symlinks and tar transforms inside a crafted malicious package