Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 603
Alerts This Week
Warning Icon 1 603

Fedora 42 yarnpkg Critical Prototype Pollution Fix FEDORA-2026-2809f801f3

fedora
Calendar Grey February 6, 2026
Dist Fedora Esm H88
Fix for prototype pollution in yarnpkg enhances dependency management security in Fedora 42 with critical update CARE-2026-2809f801f3.
Regenerate vendor tarball

Summary

Fast, reliable, and secure dependency management.

Update Information:

Regenerate vendor tarball. Fixes CVE-2025-13465.

Change Log

* Tue Jan 27 2026 Sandro Mani - 1.22.22-16 - Refresh bundle, fixes CVE-2025-13465 * Sat Jan 17 2026 Fedora Release Engineering - 1.22.22-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2432997 - CVE-2025-13465 yarnpkg: prototype pollution in _.unset and _.omit functions [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2432997 [ 2 ] Bug #2433048 - CVE-2025-13465 yarnpkg: prototype pollution in _.unset and _.omit functions [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433048

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2809f801f3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: yarnpkg
Product: Fedora 42
Version: 1.22.22
Release: 16.fc42
Summary: Fast, reliable, and secure dependency management.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.