CVE-2025-8262 | yarnpkg Yarn up to 1.22.22 hosted-git-resolver.js explodeHostedGitFragment redos (ID 9199)
A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity.
This vulnerability is tracked as CVE-2025-8262. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.