6 matches found
CVE-2019-5448 vulnerabilities
Vulnerabilities for packages: yarn...
Photon OS 3.0: Yarn PHSA-2019-3.0-0034
An update of the yarn package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0034. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid130123;...
Photon OS 1.0: Yarn PHSA-2019-1.0-0255
An update of the yarn package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0255. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid129687;...
@atto-byte/ui (=1.0.4), @cessair/building (=1.0.0) +128 more potentially affected by CVE-2019-5448 via yarn (>=0.15.1 <=1.16.0)
yarn NPM version =0.15.1, =1.0.0, =1.0.0, =1.9.9, =1.0.0, =1.0.21, =1.6.6-0, =8.3.8, =0.1.0, =0.1.0, =0.1.14 and more Source cves: CVE-2019-5448 Source advisory: OSV:GHSA-WQFC-CR59-H64P...
CVE-2019-5448
CVE-2019-5448 affects Yarn; the vulnerability arises from HTTP URLs in a Yarn lockfile that can cause unencrypted authentication data to be transmitted. The connected advisories confirm Photon OS and Nessus plugins flag Yarn as affected and advise updating the Yarn package to mitigate. The exact ...
@jamesbliss/react-flickity (>=1.0.0 <=1.4.0), @jamesbliss/react-spy (=0.0.1) +17 more potentially affected by CVE-2019-5448 via yarn (>=1.0.2 <=1.16.0)
yarn NPM version =1.0.2, =1.0.0, =1.9.9, =1.0.0, =1.0.21, =8.3.8, =0.1.0, =3.0.0, =0.0.0-semantic-release, =1.1.2, =0.1.9, =1.0.0, =1.11.13 and more Source cves: CVE-2019-5448 Source advisory: SNYK:JS-YARN-451571...