CVE-2025-40908

Опубликовано: 01 июн. 2025

Источник: debian

EPSS Низкий

Описание

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

Пакет	Статус	Версия исправления	Релиз	Тип
libyaml-libyaml-perl	fixed	0.903.0+ds-1		package
libyaml-libyaml-perl	fixed	0.86+ds-1+deb12u1	bookworm	package
libyaml-libyaml-perl	postponed		bullseye	package

https://lists.security.metacpan.org/cve-announce/msg/30071726/
https://github.com/ingydotnet/yaml-libyaml-pm/issues/120
https://github.com/ingydotnet/yaml-libyaml-pm/pull/121
Fixed by: https://github.com/ingydotnet/yaml-libyaml-pm/commit/5fe9daed726c06900c3cd41a739460057bec6dc3 (v0.903.0)
https://github.com/ingydotnet/yaml-libyaml-pm/pull/122

EPSS

Процентиль: 20%

0.00063

Низкий

CVE-2025-40908

CVSS3: 9.1

ubuntu

5 месяцев назад

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

CVE-2025-40908

CVSS3: 7.7

redhat

5 месяцев назад

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

CVE-2025-40908

CVSS3: 9.1

nvd

5 месяцев назад

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

SUSE-SU-2025:01886-1

suse-cvrf

5 месяцев назад

Security update for perl-YAML-LibYAML

SUSE-SU-2025:01885-2

suse-cvrf

4 месяца назад

Security update for perl-YAML-LibYAML

EPSS

Процентиль: 20%

0.00063

Низкий