CVE-2025-8262 | yarnpkg Yarn up to 1.22.22 hosted-git-resolver.js explodeHostedGitFragment redos (ID 9199)

Inserito da Angelo Barbosa | Lug 26, 2025 | CVE

A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity.

This vulnerability is traded as CVE-2025-8262. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2025-8262 | yarnpkg Yarn up to 1.22.22 hosted-git-resolver.js explodeHostedGitFragment redos (ID 9199)

Post correlati

CVE-2024-7922 | D-Link DNS-1550-04 up to 20240814 /cgi-bin/myMusic.cgi command injection

CVE-2024-8719 | Flexmls IDX Plugin up to 3.14.22 on WordPress cross site scripting

CVE-2023-39444 | GTKWave 3.3.115 LXT2 Parser out-of-bounds write (TALOS-2023-1826)

CVE-2024-54523 | Apple watchOS memory corruption