Homepage

yarn@1.22.8

šŸ“¦šŸˆ Fast, reliable, and secure dependency management.

  • latest version

    1.22.22

  • first published

    14 years ago

  • latest version published

    2 years ago

  • licenses detected

  • View yarn package health on Snyk Ā (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the yarn package. This does not include vulnerabilities belonging to this packageā€™s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Regular Expression Denial of Service (ReDoS)

    yarn is a package for dependency management.

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the setOptions function in the src/util/request-manager.js file. An attacker can cause resource exhaustion by supplying crafted input that triggers excessive backtracking.

    How to fix Regular Expression Denial of Service (ReDoS)?

    There is no fixed version for yarn.

    *
    • H
    Untrusted Search Path

    yarn is a package for dependency management.

    Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can execute arbitrary code by placing a malicious executable file in a directory that is then searched by the victim running certain commands.

    Note: This is only exploitable on Windows.

    How to fix Untrusted Search Path?

    Upgrade yarn to version 1.22.13 or higher.

    <1.22.13
    Go back to all versions of this package