CVE-2021-4435
Published
CVSS v3
7.7
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.
The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
GitHub