CVE-2021-4435

Summary

An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.

Affected Software

VendorProductVersion RangeStatus
n/ayarn1.22.13unaffected

Weaknesses

  • CWE-426: Untrusted Search Path

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References