CVE-2020-8131: Path Traversal

February 24, 2020 (updated March 24, 2020)

Arbitrary filesystem write vulnerability in Yarn allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.

References

nvd.nist.gov/vuln/detail/CVE-2020-8131

Detect and mitigate CVE-2020-8131 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →