yarn@1.21.0 vulnerabilities

📦🐈 Fast, reliable, and secure dependency management.

Known vulnerabilities in the yarn package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Untrusted Search Path yarn is a package for dependency management. Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can execute arbitrary code by placing a malicious executable file in a directory that is then searched by the victim running certain commands. Note: This is only exploitable on Windows. How to fix Untrusted Search Path? Upgrade `yarn` to version 1.22.13 or higher.	<1.22.13
M Arbitrary File Overwrite yarn is a package for dependency management. Affected versions of this package are vulnerable to Arbitrary File Overwrite. It is possible for a malicious package, upon install, to write to any path on the filesystem even when the `--ignore-scripts` option is set. This occurs due to symlinks not being correctly unpacked as part of the Yarn install process. How to fix Arbitrary File Overwrite? Upgrade `yarn` to version 1.22.0 or higher.	<1.22.0
L Arbitrary File Write yarn is a package for dependency management. Affected versions of this package are vulnerable to Arbitrary File Write. The package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted `bin` keys. Existing files could be overwritten depending on the current user permission set. How to fix Arbitrary File Write? Upgrade `yarn` to version 1.21.1 or higher.	<1.21.1