CVE-2021-4435

Untrusted Search Path in npm/yarn

Identifiers

CVE-2021-4435, GHSA-mpwj-fcr6-x34c

Package Slug

npm/yarn

Vulnerability

Untrusted Search Path

Description

An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.

Affected Versions

All versions before 1.22.13

Solution

Upgrade to version 1.22.13 or above.
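
As an added example (not part of the advisory or of Yarn itself), the script below classifies Yarn version strings against the affected range stated above. The function name `yarn_affected`, its return codes and the handling of pre-release suffixes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: classify Yarn version strings against this advisory's
# affected range ("All versions before 1.22.13").
FIXED_VERSION="1.22.13"   # first fixed version, taken from the advisory

# yarn_affected VERSION (hypothetical helper)
#   returns 0 if VERSION is before FIXED_VERSION (affected),
#           1 if it is FIXED_VERSION or later,
#           2 if VERSION is not a dotted numeric version.
# Assumption: a pre-release of the fixed version (e.g. "1.22.13-rc.1")
# is treated as affected, following semver ordering.
yarn_affected() {
    full=$1
    core=${full%%-*}                    # drop any "-prerelease" suffix
    case $core in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $core;          a1=$1; a2=${2:-0}; a3=${3:-0}
    set -- $FIXED_VERSION; f1=$1; f2=$2; f3=$3
    IFS=$old_ifs
    # Compare numerically, field by field ("1.9.4" is before "1.22.13").
    if [ "$a1" -ne "$f1" ]; then [ "$a1" -lt "$f1" ]; return; fi
    if [ "$a2" -ne "$f2" ]; then [ "$a2" -lt "$f2" ]; return; fi
    if [ "$a3" -ne "$f3" ]; then [ "$a3" -lt "$f3" ]; return; fi
    [ "$core" != "$full" ]              # same numbers: affected only if pre-release
}

# Classify every version string given on the command line.
for v in "$@"; do
    yarn_affected "$v"
    case $? in
        0) echo "$v: affected by CVE-2021-4435, upgrade to $FIXED_VERSION or above" ;;
        1) echo "$v: not in the affected range" ;;
        *) echo "$v: not a recognisable version string" ;;
    esac
done
```

Saved under a name of your choice, it can be given the installed version with `"$(cd / && yarn --version)"` as its argument; changing to `/` first keeps the check from running Yarn inside a directory whose content you have not vetted.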

Last Modified

2024-02-06
