6 matches found
CVE-2019-15608 vulnerabilities
Vulnerabilities for packages: yarn...
CVE-2019-15608 vulnerabilities
Vulnerabilities for packages: yarn...
Photon OS 3.0: Yarn PHSA-2020-3.0-0078
An update of the yarn package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0078. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid135786;...
CVE-2019-15608
The package integrity validation in yarn 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack...
CVE-2019-15608
The package integrity validation in yarn 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack...
UBUNTU-CVE-2019-15608
The package integrity validation in yarn 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack...