[FEDORA-2023-ce8943223c] Fedora 37: yarnpkg

Severity Critical

Affected Packages 1

CVEs 3

Add patches for CVE-2021-43138, CVE-2022-3517, CVE-2020-7677

Package	Affected Version
pkg:rpm/fedora/yarnpkg?distro=fedora-37	< 1.22.19.3.fc37

ID

FEDORA-2023-ce8943223c

Severity

critical

Severity from

CVE-2020-7677

URL

Published

2023-01-21T03:34:16
(20 months ago)

Modified

2023-01-21T03:34:16
(20 months ago)

Rights

Other Advisories

Source	# ID	Name	URL
Bugzilla	2135472	Bug #2135472 - CVE-2022-3517 yarnpkg: nodejs-minimatch: ReDoS via the braceExpand function [fedora-all]	https://bugzilla.redhat.com/show_bug.cgi?id=2135472
Bugzilla	2127008	Bug #2127008 - CVE-2021-43138 yarnpkg: async: Prototype Pollution in async [fedora-all]	https://bugzilla.redhat.com/show_bug.cgi?id=2127008
Bugzilla	2127351	Bug #2127351 - CVE-2020-7677 yarnpkg: thenify: Arbitrary Code Execution in thenify [fedora-all]	https://bugzilla.redhat.com/show_bug.cgi?id=2127351

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/fedora/yarnpkg?distro=fedora-37	fedora	yarnpkg	< 1.22.19.3.fc37	fedora-37

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date