GHSA-8j8c-7jfh-h6hx – js-yaml

Package

Manager: npm
Name: js-yaml
Vulnerable Version: >=0 <3.13.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Code Injection in js-yaml Versions of `js-yaml` prior to 3.13.1 are vulnerable to Code Injection. The `load()` function may execute arbitrary code injected through a malicious YAML file. Objects that have `toString` as key, JavaScript code as value and are used as explicit mapping keys allow attackers to execute the supplied code through the `load()` function. The `safeLoad()` function is unaffected. An example payload is `{ toString: !<tag:yaml.org,2002:js/function> 'function (){return Date.now()}' } : 1` which returns the object { "1553107949161": 1 } ## Recommendation Upgrade to version 3.13.1.

Metadata

Created: 2019-06-04T20:14:07Z
Modified: 2020-08-31T18:36:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-8j8c-7jfh-h6hx/GHSA-8j8c-7jfh-h6hx.json
CWE IDs: ["CWE-94"]
Alternative ID: N/A
Finding: F422
Auto approve: 1