Alerts This Week
Warning Icon 1 1,123
Alerts This Week
Warning Icon 1 1,123

Debian 12: yarnpkg Vulnerability Report CVE-2025-8263 CVE-2025-7784

fedora
Calendar Grey August 8, 2025
Dist Fedora Esm H88
To address CVE-2025-8262 and CVE-2025-7783 in yarnpkg for Fedora 41, follow steps to implement essential security patches effectively
Apply fixes for CVE-2025-8262 and CVE-2025-7783.

Summary

Fast, reliable, and secure dependency management.

Update Information:

Apply fixes for CVE-2025-8262 and CVE-2025-7783.

Topics%20covered

Topics Covered

security advisory fedora unsafe function yarnpkg informational regex complexity

Change Log

* Wed Jul 30 2025 Sandro Mani - 1.22.22-11 - Refresh bundle - Drop patches obsoleted by new bundle - Add yarn-update-jest.prebundle.patch to update jest and avoid some vulerable dependencies - Apply fixes for CVE-2025-8262 and CVE-2025-8263 * Fri Jul 25 2025 Fedora Release Engineering - 1.22.22-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2382001 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2382001 [ 2 ] Bug #2382007 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2382007 [ 3 ] Bug #2382017 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2382017 [ 4 ] Bug #2382027 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2382027 [ 5 ] Bug #2383877 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2383877 [ 6 ] Bug #2383879 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2383879 [ 7 ] Bug #2383880 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vul...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b19f3ed5f4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: yarnpkg
Product: Fedora 41
Version: 1.22.22
Release: 11.fc41
URL: https://github.com/yarnpkg/yarn
Summary: Fast, reliable, and secure dependency management.

Topics%20covered

Topics Covered

security advisory fedora unsafe function yarnpkg informational regex complexity

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here