GHSA-2pr6-76vf-7546

Опубликовано: 05 июн. 2019

Источник: github

Github: Прошло ревью

CVSS3: 5.9

Описание

Denial of Service in js-yaml

Versions of js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Recommendation

Upgrade to version 3.13.0.

Ссылки

https://github.com/nodeca/js-yaml/issues/475
https://github.com/nodeca/js-yaml/commit/a567ef3c6e61eb319f0bfc2671d91061afb01235
https://snyk.io/vuln/SNYK-JS-JSYAML-173999
https://www.npmjs.com/advisories/788
https://www.npmjs.com/advisories/788/versions

Пакеты

Наименование

js-yaml

npm

Затронутые версииВерсия исправления

< 3.13.0

3.13.0

5.9 Medium

CVSS3

Дефекты

CWE-400

5.9 Medium

CVSS3

Дефекты

CWE-400