Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses

Filter by:

With package: perl540Packages.YAMLLibYAML

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2025-40908

9.1 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 6 months ago

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

References

https://github.com/ingydotnet/yaml-libyaml-pm/pull/121 patch
https://github.com/ingydotnet/yaml-libyaml-pm/pull/122 patch
https://github.com/ingydotnet/yaml-libyaml-pm/issues/120 issue-tracking
https://github.com/ingydotnet/yaml-libyaml-pm/issues/120 issue-tracking
https://github.com/ingydotnet/yaml-libyaml-pm/pull/121 patch
https://github.com/ingydotnet/yaml-libyaml-pm/pull/122 patch

Affected products

YAML-LibYAML

<0.903.0

Matching in nixpkgs

pkgs.perlPackages.YAMLLibYAML

Perl YAML Serialization using XS and libyaml

nixos-unstable -
- nixpkgs-unstable 0.89

pkgs.perl538Packages.YAMLLibYAML

Perl YAML Serialization using XS and libyaml

nixos-unstable -
- nixpkgs-unstable 0.89

pkgs.perl540Packages.YAMLLibYAML

Perl YAML Serialization using XS and libyaml

nixos-unstable -
- nixpkgs-unstable 0.89

1