CVE-2025-40908

Опубликовано: 01 июн. 2025

Источник: debian

EPSS Низкий

Описание

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

Пакет	Статус	Версия исправления	Релиз	Тип
libyaml-libyaml-perl	fixed	0.903.0+ds-1		package
libyaml-libyaml-perl	no-dsa		bookworm	package
libyaml-libyaml-perl	postponed		bullseye	package

https://lists.security.metacpan.org/cve-announce/msg/30071726/
https://github.com/ingydotnet/yaml-libyaml-pm/issues/120
https://github.com/ingydotnet/yaml-libyaml-pm/pull/121
Fixed by: https://github.com/ingydotnet/yaml-libyaml-pm/commit/5fe9daed726c06900c3cd41a739460057bec6dc3 (v0.903.0)
https://github.com/ingydotnet/yaml-libyaml-pm/pull/122

EPSS

Процентиль: 11%

0.00038

Низкий

CVE-2025-40908

CVSS3: 9.1

ubuntu

20 дней назад

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

CVE-2025-40908

CVSS3: 7.7

redhat

20 дней назад

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

CVE-2025-40908

CVSS3: 9.1

nvd

20 дней назад

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

SUSE-SU-2025:01886-1

suse-cvrf

10 дней назад

Security update for perl-YAML-LibYAML

SUSE-SU-2025:01885-1

suse-cvrf

10 дней назад

Security update for perl-YAML-LibYAML

EPSS

Процентиль: 11%

0.00038

Низкий