CVE-2020-8131
- Source
- https://cve.org/CVERecord?id=CVE-2020-8131
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8131.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-8131
- Aliases
- Downstream
- Published
- 2020-02-24T15:15:12.020Z
- Modified
- 2025-11-14T11:08:44.482354Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.
- References
Affected packages
Git / github.com/yarnpkg/yarn
Affected ranges
- Type
- GIT
- Repo
- https://github.com/yarnpkg/yarn
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
0.*
0.4.0
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.5.0
0.6.0
0.6.1
Other
pre-release
v0.*
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.15.1
v0.17.0
v0.17.0-0
v0.18.0
v0.18.0-0
v0.19.0
v0.19.0-0
v0.20.0
v0.20.0-0
v0.21.0
v0.21.0-pre
v0.22.0
v0.23.0
v0.25.0
v0.26.0
v0.27.0
v0.28.0
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.19.0
v1.2.0
v1.2.1
v1.21.0
v1.21.1
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.4.1
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0