CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.
Source: NIST
CVE-2019-5448

Leave a Reply

Your email address will not be published.