7.9 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.2%
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.
github.com/ChALkeR/notes/blob/master/Yarn-vuln.md
hackerone.com/reports/640904
yarnpkg.com/blog/2019/07/12/recommended-security-update/