Soumettre #617393: Yarn v1.22.22 Inefficient Regular Expression Complexityinformation

Titre	Yarn v1.22.22 Inefficient Regular Expression Complexity
Description	Yarn v1.22.22 allows context-dependent attackers to cause a regular expression denial of service by embedding maliciously constructed code blocks in the parsed Markdown code.
La source	⚠️ https://github.com/yarnpkg/yarn/pull/9199
Utilisateur	mmmsssttt (UID 85832)
Soumission	16/07/2025 20:31 (il y a 9 mois)
Modérer	26/07/2025 18:24 (10 days later)
Statut	Accepté
Entrée VulDB	317850 [yarnpkg Yarn jusqu’à 1.22.22 hosted-git-resolver.js explodeHostedGitFragment déni de service]
Points	15

Interested in the pricing of exploits?

See the underground prices here!