Lucene search
K

6 matches found

Wolfi
Wolfi
added 2026/06/17 8:23 p.m.8 views

CVE-2019-5448 vulnerabilities

Vulnerabilities for packages: yarn...

8.1CVSS7.7AI score0.00668EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/10/22 12:0 a.m.28 views

Photon OS 3.0: Yarn PHSA-2019-3.0-0034

An update of the yarn package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0034. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid130123;...

8.1CVSS8.1AI score0.00668EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/10/07 12:0 a.m.35 views

Photon OS 1.0: Yarn PHSA-2019-1.0-0255

An update of the yarn package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0255. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid129687;...

8.1CVSS8.1AI score0.00668EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2019/07/31 4:22 a.m.4 views

@atto-byte/ui (=1.0.4), @cessair/building (=1.0.0) +128 more potentially affected by CVE-2019-5448 via yarn (>=0.15.1 <=1.16.0)

yarn NPM version =0.15.1, =1.0.0, =1.0.0, =1.9.9, =1.0.0, =1.0.21, =1.6.6-0, =8.3.8, =0.1.0, =0.1.0, =0.1.14 and more Source cves: CVE-2019-5448 Source advisory: OSV:GHSA-WQFC-CR59-H64P...

8.1CVSS7.2AI score0.00668EPSS
Exploits1
CVE
CVE
added 2019/07/30 8:15 p.m.84 views

CVE-2019-5448

CVE-2019-5448 affects Yarn; the vulnerability arises from HTTP URLs in a Yarn lockfile that can cause unencrypted authentication data to be transmitted. The connected advisories confirm Photon OS and Nessus plugins flag Yarn as affected and advise updating the Yarn package to mitigate. The exact ...

8.1CVSS7.8AI score0.00668EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2019/07/12 9:30 a.m.4 views

@jamesbliss/react-flickity (>=1.0.0 <=1.4.0), @jamesbliss/react-spy (=0.0.1) +17 more potentially affected by CVE-2019-5448 via yarn (>=1.0.2 <=1.16.0)

yarn NPM version =1.0.2, =1.0.0, =1.9.9, =1.0.0, =1.0.21, =8.3.8, =0.1.0, =3.0.0, =0.0.0-semantic-release, =1.1.2, =0.1.9, =1.0.0, =1.11.13 and more Source cves: CVE-2019-5448 Source advisory: SNYK:JS-YARN-451571...

8.1CVSS7.2AI score0.00668EPSS
Exploits1
Rows per page
Query Builder