yarnpkg was added to epel8 repo on 2023-01-13
Page updated: 2025-04-01 04:43
Repo Status -
Overall Status
Source NVR: yarnpkg-1.22.19-2.el8 (2023-01-13)
| yarnpkg | yarnpkg-1.22.19-2.el8 |
| 2222350 | NEW | CVE-2022-38900 yarnpkg: decode-uri-component: improper input validation resulting in DoS [epel-8] |
| 2293212 | NEW | CVE-2024-28863 yarnpkg: node-tar: denial of service while parsing a tar file due to lack of folders depth validation [epel-8] |
| 2311376 | NEW | CVE-2024-43796 yarnpkg: Improper Input Handling in Express Redirects [epel-8] |
| 2317786 | ON_QA | CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification [epel-8] |
| 2355665 | ON_QA | CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [epel-8] |