An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| yarn(npm) | 0 | 1.22.13 | N/A |
CVSS Metrics
