CVE-2025-9308 | yarnpkg Yarn up to 1.22.22 request-manager.js setOptions redos (ID 9203)

Inserito da Angelo Barbosa | Ago 21, 2025 | CVE

A vulnerability was found in yarnpkg Yarn up to 1.22.22 and classified as problematic. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is uniquely identified as CVE-2025-9308. Local access is required to approach this attack. No exploit exists.

CVE-2025-9308 | yarnpkg Yarn up to 1.22.22 request-manager.js setOptions redos (ID 9203)

Post correlati

CVE-2022-49518 | Linux Kernel up to 5.18.2 sof_get_control_data out-of-bounds

CVE-2024-25138 | AutomationDirect C-MORE EA9 HMI up to 6.77 credentials storage (icsa-24-086-01)

CVE-2025-5353 | Ivanti Workspace Control up to 10.18.50.0 SQL Credentials hard-coded key

CVE-2024-53135 | Linux Kernel up to 6.1.118/6.6.62/6.11.9 VMX information disclosure