Bug 33674 - yarnpkg new security issues CVE-2024-37890, CVE-2024-48949 and CVE-2024-12905
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard: MGA9TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2024-10-25 11:35 CEST by Nicolas Salguero
Modified: 2025-04-22 13:39 CEST

See Also:
Source RPM: yarnpkg-1.22.22-0.10.8.2.2.mga10.src.rpm, yarnpkg-1.22.22-0.10.8.2.1.mga9.src.rpm
CVE: CVE-2024-37890, CVE-2024-48949, CVE-2024-12905
Status comment:



Nicolas Salguero 2024-10-25 11:36:41 CEST

Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2024-37890, CVE-2024-48949
Source RPM: (none) => yarnpkg-1.22.22-0.10.8.2.2.mga10.src.rpm, yarnpkg-1.22.22-0.10.8.2.1.mga9.src.rpm

Comment 1 Marja Van Waes 2024-10-25 16:04:22 CEST
No registered maintainer, assigning to all.

CC'ing daviddavid who was the last one to touch it.

CC: (none) => geiger.david68210, marja11
Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2025-04-22 13:39:08 CEST
Fedora has issued an advisory on April 11:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UGLXZO6VIHGIITQTEUY5Q5YCAP2A4ZP/

Summary: yarnpkg new security issues CVE-2024-37890 and CVE-2024-48949 => yarnpkg new security issues CVE-2024-37890, CVE-2024-48949 and CVE-2024-12905

Nicolas Salguero 2025-04-22 13:39:19 CEST

CVE: CVE-2024-37890, CVE-2024-48949 => CVE-2024-37890, CVE-2024-48949, CVE-2024-12905

