logo

Database

Asymmetric denial of service In js-yaml

Description

Denial of Service in js-yaml Versions of js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Recommendation

Upgrade to version 3.13.0.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-2pr6-76vf-7546

References

1. https://github.com/nodeca/js-yaml/issues/4752. https://github.com/nodeca/js-yaml/commit/a567ef3c6e61eb319f0bfc2671d91061afb012353. https://www.npmjs.com/advisories/7884. https://www.npmjs.com/advisories/788/versions

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.