1.22.22
12 years ago
9 months ago
Known vulnerabilities in the yarn package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
yarn is a package for dependency management. Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can execute arbitrary code by placing a malicious executable file in a directory that is then searched by the victim running certain commands. Note: This is only exploitable on Windows. How to fix Untrusted Search Path? Upgrade | <1.22.13 |
yarn is a package for dependency management. Affected versions of this package are vulnerable to Improper Integrity Checks. It allows polluting the yarn cache via a crafted How to fix Improper Integrity Checks? Upgrade | <1.19 |
yarn is a package for dependency management. Affected versions of this package are vulnerable to Arbitrary File Overwrite. It is possible for a malicious package, upon install, to write to any path on the filesystem even when the How to fix Arbitrary File Overwrite? Upgrade | <1.22.0 |
yarn is a package for dependency management. Affected versions of this package are vulnerable to Arbitrary File Write. The package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted How to fix Arbitrary File Write? Upgrade | <1.21.1 |
yarn is a package for dependency management. Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). Npm credentials such as How to fix Man-in-the-Middle (MitM)? Upgrade | <1.17.3 |