Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2019-5448

Disclosure Date: July 30, 2019 (last updated November 27, 2024)
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0