Fedora 42 - yarnpkg 2025-e73ea121f5 critical: fix path traversal
fedora
April 11, 2025
Fix CVE-2024-12905.
Summary
Fast, reliable, and secure dependency management.
Update Information:
Fix CVE-2024-12905.
Topics Covered
Change Log
* Fri Mar 28 2025 Sandro Mani
References
[ 1 ] Bug #2355667 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2355667 [ 2 ] Bug #2355668 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2355668 [ 3 ] Bug #2355669 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2355669
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e73ea121f5' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Name: yarnpkg
Product: Fedora 42
Version: 1.22.22
Release: 7.fc42
Summary: Fast, reliable, and secure dependency management.
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!