vulnerability
Debian: CVE-2019-5448: node-yarnpkg -- security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Jul 30, 2019 | Jul 30, 2024 | Jul 30, 2024 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Jul 30, 2019
Added
Jul 30, 2024
Modified
Jul 30, 2024
Description
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.
Solution
debian-upgrade-node-yarnpkg
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.