yarn@1.21.1 vulnerabilities
📦🐈 Fast, reliable, and secure dependency management.
-
latest version
1.22.22
-
latest non vulnerable version
-
first published
12 years ago
-
latest version published
6 months ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the yarn package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
yarn is a package for dependency management. Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can execute arbitrary code by placing a malicious executable file in a directory that is then searched by the victim running certain commands. Note: This is only exploitable on Windows. How to fix Untrusted Search Path? Upgrade |
<1.22.13
|
yarn is a package for dependency management. Affected versions of this package are vulnerable to Arbitrary File Overwrite. It is possible for a malicious package, upon install, to write to any path on the filesystem even when the How to fix Arbitrary File Overwrite? Upgrade |
<1.22.0
|