Submit #617393: Yarn v1.22.22 Inefficient Regular Expression Complexityinfo

Title	Yarn v1.22.22 Inefficient Regular Expression Complexity
Description	Yarn v1.22.22 allows context-dependent attackers to cause a regular expression denial of service by embedding maliciously constructed code blocks in the parsed Markdown code.
Source	⚠️ https://github.com/yarnpkg/yarn/pull/9199
User	mmmsssttt (UID 85832)
Submission	07/16/2025 20:31 (9 months ago)
Moderation	07/26/2025 18:24 (10 days later)
Status	Accepted
VulDB entry	317850 [yarnpkg Yarn up to 1.22.22 hosted-git-resolver.js explodeHostedGitFragment redos]
Points	15

Want to stay up to date on a daily basis?

Enable the mail alert feature now!