vulnerability
Ubuntu: (CVE-2021-4435): node-yarnpkg vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:H/Au:N/C:C/I:C/A:C) | Feb 4, 2024 | Jun 26, 2025 | Aug 18, 2025 |
Severity
6
CVSS
(AV:L/AC:H/Au:N/C:C/I:C/A:C)
Published
Feb 4, 2024
Added
Jun 26, 2025
Modified
Aug 18, 2025
Description
An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.
Solution
no-fix-ubuntu-package
References
- CVE-2021-4435
- https://attackerkb.com/topics/CVE-2021-4435
- CWE-426
- URL-https://access.redhat.com/security/cve/CVE-2021-4435
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2262284
- URL-https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1
- URL-https://github.com/yarnpkg/yarn/releases/tag/v1.22.13
- URL-https://www.cve.org/CVERecord?id=CVE-2021-4435
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.