CVE-2020-8131 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-8131 Interim 1 5 2025-02-17T01:36:25Z current 2021-05-30T14:37:45Z 2025-02-17T01:36:25Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-8131 Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package. CVE-2020-8131 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H