CVEs-PoC/2019/CVE-2019-10773.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 15:15:46 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.

POC

Reference

https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/

Github

https://github.com/productaize/bogrod

753 B Raw Blame History

CVE-2019-10773

Description

POC

Reference

Github

753 B

Raw Blame History