zc_plugin_dm icon indicating copy to clipboard operation
zc_plugin_dm copied to clipboard

Published 20 hours ago verified publisher icon zurichat

CVE-2025-9308 (Low) detected in yarn-1.22.11.tgz

Open mend-bolt-for-github[bot] opened this issue 3 months ago • 0 comments

CVE-2025-9308 - Low Severity Vulnerability

Vulnerable Library - yarn-1.22.11.tgz

?? Fast, reliable, and secure dependency management.

Library home page: https://registry.npmjs.org/yarn/-/yarn-1.22.11.tgz

Path to dependency file: /dmreactplugin/package.json

Path to vulnerable library: /dmreactplugin/package.json

Dependency Hierarchy:

  • :x: yarn-1.22.11.tgz (Vulnerable Library)

Found in HEAD commit: 41f949b863ead7c74b72a01845dbe0d88c24a364

Found in base branch: main

Vulnerability Details

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects products that are no longer supported by the maintainer.

Publish Date: 2025-08-21

URL: CVE-2025-9308

CVSS 3 Score Details (3.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low
For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] avatar Aug 22 '25 12:08 mend-bolt-for-github[bot]