A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The patch is identified as 97731871e674bf93bcbf29e9d3258da8685f3076. It is recommended to apply a patch to fix this issue.
{
"cna_assigner": "VulDB",
"cwe_ids": [
"CWE-1333",
"CWE-400"
],
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "1.22.6"
},
{
"last_affected": "1.22.6"
},
{
"introduced": "1.22.7"
},
{
"last_affected": "1.22.7"
},
{
"introduced": "1.22.8"
},
{
"last_affected": "1.22.8"
},
{
"introduced": "1.22.9"
},
{
"last_affected": "1.22.9"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/8xxx/CVE-2025-8262.json"
}{
"source": [
"AFFECTED_FIELD",
"CPE_RANGE"
],
"cpe": "cpe:2.3:a:yarnpkg:yarn:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "1.22.0"
},
{
"last_affected": "1.22.0"
},
{
"introduced": "1.22.1"
},
{
"last_affected": "1.22.1"
},
{
"introduced": "1.22.2"
},
{
"last_affected": "1.22.2"
},
{
"introduced": "1.22.3"
},
{
"last_affected": "1.22.3"
},
{
"introduced": "1.22.4"
},
{
"last_affected": "1.22.4"
},
{
"introduced": "1.22.5"
},
{
"last_affected": "1.22.5"
},
{
"introduced": "1.22.10"
},
{
"last_affected": "1.22.10"
},
{
"introduced": "1.22.11"
},
{
"last_affected": "1.22.11"
},
{
"introduced": "1.22.12"
},
{
"last_affected": "1.22.12"
},
{
"introduced": "1.22.13"
},
{
"last_affected": "1.22.13"
},
{
"introduced": "1.22.14"
},
{
"last_affected": "1.22.14"
},
{
"introduced": "1.22.15"
},
{
"last_affected": "1.22.15"
},
{
"introduced": "1.22.16"
},
{
"last_affected": "1.22.16"
},
{
"introduced": "1.22.17"
},
{
"last_affected": "1.22.17"
},
{
"introduced": "1.22.18"
},
{
"last_affected": "1.22.18"
},
{
"introduced": "1.22.19"
},
{
"last_affected": "1.22.19"
},
{
"introduced": "1.22.20"
},
{
"last_affected": "1.22.20"
},
{
"introduced": "1.22.21"
},
{
"last_affected": "1.22.21"
},
{
"introduced": "1.22.22"
},
{
"last_affected": "1.22.22"
},
{
"introduced": "0"
}
]
}