10 matches found
Advisory ROSA-SA-2025-3025
software: yarn 1.22.22 WASP: ROSA-CHROME unaffected versions = yarn-1.22.22.22-3 affected versions yarn-1.22.22.22-3 CVE-ID: CVE-2025-9308 BDU-ID: None CVE-Crit: LOW CVE-DESC.: Vulnerability in Yarn before version 1.22.22 in setOptions function of src/util/request-manager.js file. Possible attack...
Linux Distros Unpatched Vulnerability : CVE-2025-9308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation...
SUSE CVE-2025-9308
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...
CVE-2025-9308
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...
CVE-2025-9308
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...
CVE-2025-9308 yarnpkg Yarn request-manager.js setOptions redos
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...
Regular Expression Denial of Service (ReDoS)
Overview yarn is a package for dependency management. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the setOptions function in the src/util/request-manager.js file. An attacker can cause resource exhaustion by supplying crafted input that...
CVE-2025-9308
CVE-2025-9308 affects yarnpkg Yarn up to 1.22.22. The vulnerability is in the function setOptions of src/util/request-manager.js, where manipulation leads to inefficient regular expression complexity. Local access is required. The advisory consistently indicates the issue affects products that ar...
CVE-2025-9308
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...
PT-2025-34246 · Yarnpkg +2 · Yarnpkg +2
Name of the Vulnerable Software and Affected Versions: yarnpkg Yarn versions up to 1.22.22 Description: A vulnerability exists in Yarn Package Manager due to inefficient regular expression complexity within the setOptions function located in the src/util/request-manager.js file. Local access is...