What is CVE-2021-4435?

CVE-2021-4435 is a high-severity vulnerability in Fedora Extra Packages For Enterprise Linux, classified under Untrusted Search Path. CVSS score: 7.7/10. Published 2024-02-04.

How severe is CVE-2021-4435?

High severity. CVSS v3 base score is 7.7 out of 10.

Vulnerability in Fedora Extra Packages For Enterprise Linux

CVE-2021-4435

An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.

EPSS: 0.001 (16.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Fedora Extra Packages For Enterprise Linux
Fedora
N/a Yarn — versions 1.22.13

Weakness classification (CWE)

CWE-426 — Untrusted Search Path

References

access.redhat.com/security/cve/CVE-2021-4435 (vdb-entry, x_refsource_REDHAT)
RHBZ#2262284 (issue-tracking, x_refsource_REDHAT)
github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1
github.com/yarnpkg/yarn/releases/tag/v1.22.13

Frequently asked questions

What is CVE-2021-4435?: CVE-2021-4435 is a high-severity vulnerability in Fedora Extra Packages For Enterprise Linux, classified under Untrusted Search Path. CVSS score: 7.7/10. Published 2024-02-04.
How severe is CVE-2021-4435?: High severity. CVSS v3 base score is 7.7 out of 10.