| Titel | Yarn v1.22.22 Inefficient Regular Expression Complexity |
|---|
| Beschreibung | Yarn v1.22.22 allows context-dependent attackers to cause a regular expression denial of service by embedding maliciously constructed code blocks in the parsed Markdown code. |
|---|
| Quelle | ⚠️ https://github.com/yarnpkg/yarn/pull/9199 |
|---|
| Benutzer | mmmsssttt (UID 85832) |
|---|
| Einreichung | 16.07.2025 20:31 (vor 10 Monaten) |
|---|
| Moderieren | 26.07.2025 18:24 (10 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 317850 [yarnpkg Yarn bis 1.22.22 hosted-git-resolver.js explodeHostedGitFragment Denial of Service] |
|---|
| Punkte | 15 |
|---|