Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for February 04-05, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database on February 04-05, 2024.
During this period, the National Vulnerability Database published 14 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 0
High: 1
Medium: 5
Low: 1
Severity Not Assigned: 7

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2021-4435
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 6.0
Description: An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.
References: https://access.redhat.com/security/cve/CVE-2021-4435
https://bugzilla.redhat.com/show_bug.cgi?id=2262284
https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1
https://github.com/yarnpkg/yarn/releases/tag/v1.22.13

CWE-ID: CWE-426
Common Platform Enumerations (CPE): Not Found
