CNNVD-202507-3473 Information
Jul 28, 2025
cve
CNNVD ID
CNNVD-202507-3473
Related CVE
- CNNVD Published: 2025-07-28
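Description (translated from Chinese)
Yarn is an open-source package installation and management tool. Yarn 1.22.22 and earlier versions contain a security vulnerability that stems from the function explodeHostedGitFragment, which leads to inefficient regular expression complexity.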
Description (English)
Yarn is an open-source package installation and management tool. Yarn 1.22.22 and earlier versions contain a security vulnerability in the function explodeHostedGitFragment, which leads to inefficient regular expression complexity.
Hazard Level
High
Vulnerability Type
Other
Published
2025-07-28
Last Modified
2026-02-24
References
https://github.com/yarnpkg/yarn/pull/9199
https://github.com/yarnpkg/yarn/pull/9199/commits/97731871e674bf93bcbf29e9d3258da8685f3076
https://vuldb.com/?ctiid.317850
https://vuldb.com/?id.317850
https://vuldb.com/?submit.617393
https://access.redhat.com/security/cve/cve-2025-8262