Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-8262

Опубликовано: 28 июл. 2025
Источник: nvd
CVSS3: 4.3
CVSS3: 7.5
CVSS2: 4
EPSS Низкий

Описание

A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The patch is identified as 97731871e674bf93bcbf29e9d3258da8685f3076. It is recommended to apply a patch to fix this issue.

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:yarnpkg:yarn:*:*:*:*:*:*:*:*
Версия до 1.22.22 (включая)

EPSS

Процентиль: 19%
0.00062
Низкий

4.3 Medium

CVSS3

7.5 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-400
CWE-1333

Связанные уязвимости

CVSS3: 4.3
ubuntu
27 дней назад

A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The patch is identified as 97731871e674bf93bcbf29e9d3258da8685f3076. It is recommended to apply a patch to fix this issue.

CVSS3: 4.3
debian
27 дней назад

A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been c ...

CVSS3: 4.3
github
27 дней назад

A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The patch is identified as 97731871e674bf93bcbf29e9d3258da8685f3076. It is recommended to apply a patch to fix this issue.

EPSS

Процентиль: 19%
0.00062
Низкий

4.3 Medium

CVSS3

7.5 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-400
CWE-1333