Metrics
Affected Vendors & Products
Thu, 31 Jul 2025 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:yarnpkg:yarn:*:*:*:*:*:*:*:* |
Mon, 28 Jul 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 28 Jul 2025 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Yarnpkg
Yarnpkg yarn |
|
Vendors & Products |
Yarnpkg
Yarnpkg yarn |
Mon, 28 Jul 2025 07:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The patch is identified as 97731871e674bf93bcbf29e9d3258da8685f3076. It is recommended to apply a patch to fix this issue. | |
Title | yarnpkg Yarn hosted-git-resolver.js explodeHostedGitFragment redos | |
Weaknesses | CWE-1333 CWE-400 |
|
References |
| |
Metrics |
cvssV2_0
|

Status: PUBLISHED
Assigner: VulDB
Published: 2025-07-28T07:02:05.616Z
Updated: 2025-07-28T17:16:45.501Z
Reserved: 2025-07-26T16:24:06.079Z
Link: CVE-2025-8262

Updated: 2025-07-28T17:16:41.983Z

Status : Analyzed
Published: 2025-07-28T07:15:25.447
Modified: 2025-07-31T19:16:47.320
Link: CVE-2025-8262

No data.