CVE-2019-5448

Published
View on NVD ↗
CVSS v3
8.1
HIGH
CVSS v2
4.3
MEDIUM
Affected
1
PROJECT

Description

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.

ChALkeR/notes
ChALkeR/notes
Some public notes
GitHubGitHub
1.27K