org.webjars.npm:yarn@1.22.19 vulnerabilities
-
latest version
1.22.19
-
latest non vulnerable version
-
first published
7 years ago
-
latest version published
2 years ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.webjars.npm:yarn package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.webjars.npm:yarn is a package for dependency management. Affected versions of this package are vulnerable to Arbitrary File Overwrite. It is possible for a malicious package, upon install, to write to any path on the filesystem even when the How to fix Arbitrary File Overwrite? Upgrade |
[,2.0.0-rc.27)
|
org.webjars.npm:yarn is a package for dependency management. Affected versions of this package are vulnerable to Arbitrary File Write. The package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted How to fix Arbitrary File Write? Upgrade |
[,2.0.0-rc.27)
|
org.webjars.npm:yarn is a package for dependency management. Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). Npm credentials such as How to fix Man-in-the-Middle (MitM)? Upgrade |
[,2.0.0-rc.27)
|