Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/432873?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/432873?format=api", "purl": "pkg:npm/yarn@0.1.2", "type": "npm", "namespace": "", "name": "yarn", "version": "0.1.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.22.13", "latest_non_vulnerable_version": "1.22.13", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48426?format=api", "vulnerability_id": "VCID-4td1-5q3q-j7c5", "summary": "Missing Encryption of Sensitive Data in yarn\nYarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5448", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28614", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5448" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5448", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5448" }, { "reference_url": "https://github.com/ChALkeR/notes/blob/master/Yarn-vuln.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ChALkeR/notes/blob/master/Yarn-vuln.md" }, { "reference_url": "https://hackerone.com/reports/640904", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/640904" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5448", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5448" }, { "reference_url": "https://yarnpkg.com/blog/2019/07/12/recommended-security-update", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://yarnpkg.com/blog/2019/07/12/recommended-security-update" }, { "reference_url": "https://yarnpkg.com/blog/2019/07/12/recommended-security-update/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://yarnpkg.com/blog/2019/07/12/recommended-security-update/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941354", "reference_id": "941354", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941354" }, { "reference_url": "https://github.com/advisories/GHSA-wqfc-cr59-h64p", "reference_id": "GHSA-wqfc-cr59-h64p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wqfc-cr59-h64p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83530?format=api", "purl": "pkg:npm/yarn@1.17.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p5ta-q73z-mqd8" }, { "vulnerability": "VCID-rsht-dfsm-zbcf" }, { "vulnerability": "VCID-uge7-zyft-fqcv" }, { "vulnerability": "VCID-yun6-cgyk-nkbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/yarn@1.17.3" } ], "aliases": [ "CVE-2019-5448", "GHSA-wqfc-cr59-h64p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4td1-5q3q-j7c5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50043?format=api", "vulnerability_id": "VCID-p5ta-q73z-mqd8", "summary": "yarn: Arbitrary filesystem write via tar expansion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8131.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01041", "scoring_system": "epss", "scoring_elements": "0.77735", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8131" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/yarnpkg/yarn/pull/7831", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yarnpkg/yarn/pull/7831" }, { "reference_url": "https://hackerone.com/reports/730239", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/730239" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8131", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8131" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816261", "reference_id": "1816261", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816261" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952912", "reference_id": "952912", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952912" }, { "reference_url": "https://github.com/advisories/GHSA-8mfc-v7wv-p62g", "reference_id": "GHSA-8mfc-v7wv-p62g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8mfc-v7wv-p62g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0420", "reference_id": "RHSA-2021:0420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74257?format=api", "purl": "pkg:npm/yarn@1.22.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uge7-zyft-fqcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/yarn@1.22.0" } ], "aliases": [ "CVE-2020-8131", "GHSA-8mfc-v7wv-p62g" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p5ta-q73z-mqd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49821?format=api", "vulnerability_id": "VCID-rsht-dfsm-zbcf", "summary": "yarn: TOCTOU vulnerability leads to cache pollution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15608.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15608.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15608", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.6459", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15608" }, { "reference_url": "https://github.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1190", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1190" }, { "reference_url": "https://github.com/yarnpkg/yarn/commit/0474b8c66a8ea298f5e4dedc67b2de464297ad1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yarnpkg/yarn/commit/0474b8c66a8ea298f5e4dedc67b2de464297ad1c" }, { "reference_url": "https://hackerone.com/reports/703138", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/703138" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15608", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15608" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851875", "reference_id": "1851875", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851875" }, { "reference_url": "https://github.com/advisories/GHSA-hjxc-462x-x77j", "reference_id": "GHSA-hjxc-462x-x77j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hjxc-462x-x77j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86704?format=api", "purl": "pkg:npm/yarn@1.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p5ta-q73z-mqd8" }, { "vulnerability": "VCID-uge7-zyft-fqcv" }, { "vulnerability": "VCID-yun6-cgyk-nkbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/yarn@1.19.0" } ], "aliases": [ "CVE-2019-15608", "GHSA-hjxc-462x-x77j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rsht-dfsm-zbcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10347?format=api", "vulnerability_id": "VCID-uge7-zyft-fqcv", "summary": "Yarn untrusted search path vulnerability\nAn untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4435.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4435.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-4435", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-17T14:29:04Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-4435" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4435", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16162", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4435" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262284", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-17T14:29:04Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4435", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4435" }, { "reference_url": "https://github.com/yarnpkg/yarn", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yarnpkg/yarn" }, { "reference_url": "https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-17T14:29:04Z/" } ], "url": "https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1" }, { "reference_url": "https://github.com/yarnpkg/yarn/releases/tag/v1.22.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-17T14:29:04Z/" } ], "url": "https://github.com/yarnpkg/yarn/releases/tag/v1.22.13" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4435", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4435" }, { "reference_url": "https://github.com/advisories/GHSA-mpwj-fcr6-x34c", "reference_id": "GHSA-mpwj-fcr6-x34c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mpwj-fcr6-x34c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26741?format=api", "purl": "pkg:npm/yarn@1.22.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/yarn@1.22.13" } ], "aliases": [ "CVE-2021-4435", "GHSA-mpwj-fcr6-x34c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uge7-zyft-fqcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40700?format=api", "vulnerability_id": "VCID-yun6-cgyk-nkbr", "summary": "Yarn Improper link resolution before file access (Link Following)\nIn Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted \"bin\" keys. Existing files could be overwritten depending on the current user permission set.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0475", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0475" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.6812", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10773" }, { "reference_url": "https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn" }, { "reference_url": "https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10773" }, { "reference_url": "https://github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7" }, { "reference_url": "https://github.com/yarnpkg/yarn/issues/7761#issuecomment-565493023", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yarnpkg/yarn/issues/7761#issuecomment-565493023" }, { "reference_url": "https://github.com/yarnpkg/yarn/pull/7755", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yarnpkg/yarn/pull/7755" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HIZW4NZVV5QY5WWGW2JRP3FHYKZ6ZJ5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HIZW4NZVV5QY5WWGW2JRP3FHYKZ6ZJ5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HIZW4NZVV5QY5WWGW2JRP3FHYKZ6ZJ5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HIZW4NZVV5QY5WWGW2JRP3FHYKZ6ZJ5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITY5BC63CCC647DFNUQRQ5AJDKUKUNBI", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITY5BC63CCC647DFNUQRQ5AJDKUKUNBI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITY5BC63CCC647DFNUQRQ5AJDKUKUNBI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITY5BC63CCC647DFNUQRQ5AJDKUKUNBI/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10773", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10773" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-YARN-537806,", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-YARN-537806," }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788328", "reference_id": "1788328", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788328" }, { "reference_url": "https://github.com/advisories/GHSA-5xf4-f2fq-f69j", "reference_id": "GHSA-5xf4-f2fq-f69j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5xf4-f2fq-f69j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/321515?format=api", "purl": "pkg:npm/yarn@1.21.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p5ta-q73z-mqd8" }, { "vulnerability": "VCID-uge7-zyft-fqcv" }, { "vulnerability": "VCID-yun6-cgyk-nkbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/yarn@1.21.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/74257?format=api", "purl": "pkg:npm/yarn@1.22.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uge7-zyft-fqcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/yarn@1.22.0" } ], "aliases": [ "CVE-2019-10773", "GHSA-5xf4-f2fq-f69j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yun6-cgyk-nkbr" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/yarn@0.1.2" }