Lucene search

K

Ubuntu.comUB:CVE-2021-4435

HistoryFeb 04, 2024 - 12:00 a.m.

CVE-2021-4435

2024-02-0400:00:00

ubuntu.com

ubuntu.com

13

yarn

vulnerability

untrusted search path

execution

unix

security

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

19.7%

An untrusted search path vulnerability was found in Yarn. When a victim
runs certain Yarn commands in a directory with attacker-controlled content,
malicious commands could be executed in unexpected ways.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchnode-yarnpkg< anyUNKNOWN
ubuntu22.04noarchnode-yarnpkg< anyUNKNOWN
ubuntu24.04noarchnode-yarnpkg< anyUNKNOWN

References

access.redhat.com/security/cve/CVE-2021-4435

bugzilla.redhat.com/show_bug.cgi?id=2262284

github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1

github.com/yarnpkg/yarn/releases/tag/v1.22.13

launchpad.net/bugs/cve/CVE-2021-4435

nvd.nist.gov/vuln/detail/CVE-2021-4435

security-tracker.debian.org/tracker/CVE-2021-4435

www.cve.org/CVERecord?id=CVE-2021-4435

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

19.7%

Related for UB:CVE-2021-4435

nessus1 osv2 cve1 cvelist1 prion1 veracode1 redhatcve1 debiancve1 github1 nvd1 photon1