Improper Integrity Checks
Affecting org.webjars.npm:yarn artifact, versions [,1.19)
org.webjars.npm:yarn is a package for dependency management.
Affected versions of this package are vulnerable to Improper Integrity Checks. A crafted yarn.lock file can pollute the yarn
cache and place a malicious package into the cache under any name/version, bypassing both the integrity and hash checks in
yarn.lock, so that any future install of that package installs the fake version (regardless of integrity and hashes).
Upgrade org.webjars.npm:yarn to version 1.19 or higher.
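Because the vector is a crafted yarn.lock, a lockfile from an untrusted source can be screened before it is installed. The sketch below is an added example, not code from the advisory or from yarn: a heuristic audit that flags v1 lockfile entries whose tarball source does not match the declared name/version. The allowed hosts, the registry path layout `/<name>/-/<basename>-<version>.tgz` and the sample lockfile are assumptions constructed for illustration.

```javascript
// Added example, not yarn's code. Assumption: only these hosts are expected.
const ALLOWED_HOSTS = new Set(["registry.yarnpkg.com", "registry.npmjs.org"]);

// Parse a v1 yarn.lock into entries { name, version, resolved, integrity }.
function parseYarnLock(text) {
  const entries = [];
  let cur = null;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!/^\s/.test(line)) {
      // Header, e.g. "@scope/pkg@^1.0.0", "@scope/pkg@^1.1.0":
      const spec = line.split(",")[0].replace(/:$/, "").replace(/"/g, "").trim();
      entries.push(cur = { name: spec.slice(0, spec.indexOf("@", 1)) });
    } else if (cur) {
      // Only top-level fields (two-space indent); nested dependency lists are skipped.
      const m = /^  (version|resolved|integrity) "?([^"]*)"?$/.exec(line);
      if (m) cur[m[1]] = m[2];
    }
  }
  return entries;
}

// Flag entries whose tarball source does not match the declared name/version.
function auditYarnLock(text) {
  const findings = [];
  for (const e of parseYarnLock(text)) {
    const flag = (reason) => findings.push({ name: e.name, reason });
    if (!e.integrity) flag("missing integrity");
    let url, path;
    try { url = new URL(e.resolved); path = decodeURIComponent(url.pathname); }
    catch { flag("missing or unparseable resolved URL"); continue; }
    if (!ALLOWED_HOSTS.has(url.hostname)) flag("unexpected host " + url.hostname);
    const base = e.name.split("/").pop();
    if (path !== `/${e.name}/-/${base}-${e.version}.tgz`) flag("tarball path mismatch");
  }
  return findings;
}

// Constructed sample lockfile: the second entry resolves outside the registry.
const SAMPLE_LOCK = `# yarn lockfile v1

"@babel/core@^7.0.0":
  version "7.0.0"
  resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.0.0.tgz"
  integrity sha512-CONSTRUCTED

left-pad@^1.3.0:
  version "1.3.0"
  resolved "https://files.example.test/left-pad-1.3.0.tgz"
  integrity sha512-CONSTRUCTED
`;
console.log(auditYarnLock(SAMPLE_LOCK));
```

A clean result from this screen does not show that a lockfile is safe on an affected yarn version; upgrading remains the fix.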