CVE-2021-23391
HIGHcalipso - Path Traversal and Arbitrary File Write via Module Install Functionality
Title source: llmDescription
This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-CALIPSO-1300555
Third Party Advisory x_refsource_misc
https://github.com/cliftonc/calipso
Scores
CVSS v3
7.3
EPSS
0.0043
EPSS Percentile
34.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Details
CWE
CWE-22
Status
published
Products (2)
calipso_project/calipso
npm/calipso
0npm
Published
Jun 07, 2021
Tracked Since
Feb 18, 2026