MEDIUM 5.9

GHSA-2pr6-76vf-7546

Denial of Service in js-yaml

Details

Versions of `js-yaml` prior to 3.13.0 are vulnerable to Denial of Service. When a carefully crafted YAML file is parsed, the Node.js process stalls and may exhaust system resources, leading to a Denial of Service.

## Recommendation

Upgrade to version 3.13.0.

Affected packages

npm / js-yaml
Introduced in: 0
Fixed in: 3.13.0
Fix: `npm install js-yaml@3.13.0`
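
Because `js-yaml` is often pulled in transitively, a direct upgrade may leave older nested copies in place. The following is an added example, not part of the advisory or the js-yaml project: it lists every `js-yaml` entry in a parsed `package-lock.json` that falls in the affected range above. The sample lockfile and the `example-linter` package name are constructed, and prerelease tags are ignored as a simplification.

```javascript
// Added example: find js-yaml copies in a parsed package-lock.json that fall
// in the advisory's affected range (introduced in 0, fixed in 3.13.0).
const FIXED = [3, 13, 0]; // "Fixed in" version taken from the advisory

// Numeric major.minor.patch comparison; prerelease/build tags are ignored
// (simplifying assumption). Non-semver values such as git URLs are not flagged.
function isAffected(version) {
  const parts = String(version).split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const a = parts[i] || 0;
    if (a !== FIXED[i]) return a < FIXED[i];
  }
  return false; // exactly 3.13.0 is fixed
}

// Handles lockfile v2/v3 ("packages" keyed by install path) and
// lockfile v1 (nested "dependencies" objects).
function findAffectedJsYaml(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/js-yaml') && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'js-yaml' && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  // v2 lockfiles carry both sections; only walk "dependencies" for v1.
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (v2 layout): top-level copy is fixed, nested copy is not.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/js-yaml': { version: '3.14.1' },
    'node_modules/example-linter/node_modules/js-yaml': { version: '3.12.2' },
  },
};
console.log(findAffectedJsYaml(SAMPLE_LOCK));
```

In a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findAffectedJsYaml`; any hit under a nested `node_modules` path means a parent dependency still pins an affected version.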
