CNNVD-202508-2601 Information

CNNVD ID

CNNVD-202508-2601

CVE-2025-9308

  • CNNVD Published: 2025-08-21

Description (Chinese)

Yarn is an open-source package installation and management tool published by the Yarn project. Yarn 1.22.22 and earlier versions contain a security vulnerability that stems from inefficient regular expression complexity.

Description (English)

Yarn is an open-source package installation and management tool published by the Yarn project. Yarn 1.22.22 and earlier versions contain a security vulnerability that stems from inefficient regular expression complexity.

Hazard Level

Critical

Vulnerability Type

Other

Affected Vendor

Yarn

Published

2025-08-21

Last Modified

2026-02-24

References

  • https://github.com/yarnpkg/yarn/pull/9203
  • https://vuldb.com/?submit.633486
  • https://vuldb.com/?id.320913
  • https://vuldb.com/?ctiid.320913
  • https://access.redhat.com/security/cve/cve-2025-9308
  • https://nvd.nist.gov/vuln/detail/CVE-2025-9308

Patch

https://github.com/yarnpkg/berry/releases