yarn@1.22.0 vulnerabilities

📦🐈 Fast, reliable, and secure dependency management.

Direct Vulnerabilities

Known vulnerabilities in the yarn package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Untrusted Search Path

yarn is a package for dependency management.

Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can execute arbitrary code by placing a malicious executable file in a directory that is then searched by the victim running certain commands.

Note: This is only exploitable on Windows.

How to fix Untrusted Search Path?

Upgrade yarn to version 1.22.13 or higher.

<1.22.13