CVE-2021-4435, GHSA-mpwj-fcr6-x34c
npm/yarn
Untrusted Search Path
An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.
All versions before 1.22.13
Upgrade to version 1.22.13 or above.
2024-02-07
source |