yarnpkg was added to epel8 repo on 2024-09-18
Page updated: 2024-09-18 02:34
Repo Status -
Overall Status
Source NVR: yarnpkg-1.22.19-2.el8 (2024-09-18)
| yarnpkg | yarnpkg-1.22.19-2.el8 |
| 2220677 | NEW | CVE-2023-26136 yarnpkg: tough-cookie: prototype pollution in cookie memstore [epel-all] |
| 2222350 | NEW | CVE-2022-38900 yarnpkg: decode-uri-component: improper input validation resulting in DoS [epel-8] |
| 2222512 | NEW | CVE-2022-25883 yarnpkg: nodejs-semver: Regular expression denial of service [epel-all] |
| 2246630 | NEW | CVE-2023-46234 yarnpkg: browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack [epel-all] |
| 2280614 | NEW | CVE-2024-4068 yarnpkg: braces: fails to limit the number of characters it can handle [epel-all] |
| 2280768 | NEW | CVE-2024-4067 yarnpkg: micromatch: vulnerable to Regular Expression Denial of Service [epel-all] |
| 2290910 | NEW | CVE-2024-29041 yarnpkg: express: cause malformed URLs to be evaluated [epel-all] |
| 2293212 | NEW | CVE-2024-28863 yarnpkg: node-tar: denial of service while parsing a tar file due to lack of folders depth validation [epel-8] |
| 2303222 | NEW | CVE-2024-42461 yarnpkg: From NVD collector [epel-all] |
| 2303441 | NEW | CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers [epel-all] |
| 2303538 | NEW | CVE-2024-42460 yarnpkg: ECDSA signature malleability due to missing checks [epel-all] |
| 2303782 | NEW | CVE-2024-42459 yarnpkg: From NVD collector [epel-all] |
| 2311376 | NEW | CVE-2024-43796 yarnpkg: Improper Input Handling in Express Redirects [epel-8] |