You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Descriptions: Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.
CVE IDs: CVE-2019-5448
Other security advisory IDs: N/A
Descriptions: Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.
Patches: Forces using https for the regular registries
PoC(s): N/A
Architectural progress:
noarch
(v1.16.0/stable)The text was updated successfully, but these errors were encountered: