PT-2019-17677 · Facebook+1 · Yarn+1

Skovorodan

Publicado

2019-07-30

Atualizado

2021-11-03

CVE-2019-5448

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Yarn versions prior to 1.17.3

Description The issue is related to missing encryption of sensitive data. Specifically, HTTP URLs in the lockfile cause unencrypted authentication data to be sent over the network.

Recommendations For versions prior to 1.17.3, update to version 1.17.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of HTTP URLs in the lockfile to minimize the risk of sending unencrypted authentication data over the network.

Exploit

Correção

Missing Encryption of Sensitive Data

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-311CWE-319

Identificadores relacionados

ALT-PU-2019-2451

ALT-PU-2019-2452

CVE-2019-5448

GHSA-WQFC-CR59-H64P

Produtos afetados

Alt Linux

Yarn

PT-2019-17677 · Facebook+1 · Yarn+1

CVE-2019-5448

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14