yarn@1.22.8 vulnerabilities

📦🐈 Fast, reliable, and secure dependency management.

  • latest version

    1.22.22

  • latest non-vulnerable version

  • first published

    12 years ago

  • latest version published

    10 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the yarn package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version

    • H Untrusted Search Path

    yarn is a package for dependency management.

    Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can execute arbitrary code by placing a malicious executable file in a directory that is then searched by the victim running certain commands.

    Note: This is only exploitable on Windows.

    How to fix Untrusted Search Path?

    Upgrade yarn to version 1.22.13 or higher.

    Vulnerable version: <1.22.13