yarn@1.21.1 vulnerabilities

📦🐈 Fast, reliable, and secure dependency management.

Direct Vulnerabilities

Known vulnerabilities in the yarn package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Arbitrary File Overwrite
Severity: medium (M)

yarn is a package for dependency management.

Affected versions of this package are vulnerable to Arbitrary File Overwrite. A malicious package can, at install time, write to any path on the filesystem that the installing user may write to, even when the --ignore-scripts option is set. The cause is that symlinks contained in the package tarball are not unpacked safely during the Yarn install process: they are not checked to stay inside the package directory, so a crafted tarball can direct writes outside of it. Because the write happens while the tarball is being extracted, no lifecycle script is involved, which is why --ignore-scripts offers no protection.

How to fix Arbitrary File Overwrite?

Upgrade yarn to version 1.22.0 or higher.

Vulnerable versions: <1.22.0