Количество 7
Количество 7
GHSA-mh29-5h37-fv8m
js-yaml has prototype pollution in merge (<<)
CVE-2025-64718
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).
CVE-2025-64718
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).
CVE-2025-64718
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).
CVE-2025-64718
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1. ...
openSUSE-SU-2026:20117-1
Security update for cockpit-subscriptions
openSUSE-SU-2026:20251-1
Security update for cockpit-repos
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-mh29-5h37-fv8m js-yaml has prototype pollution in merge (<<) | CVSS3: 5.3 | 0% Низкий | 5 месяцев назад |
 | CVE-2025-64718 js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default). | CVSS3: 5.3 | 0% Низкий | 5 месяцев назад |
 | CVE-2025-64718 js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default). | CVSS3: 5.3 | 0% Низкий | 5 месяцев назад |
 | CVE-2025-64718 js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default). | CVSS3: 5.3 | 0% Низкий | 5 месяцев назад |
| CVE-2025-64718 js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1. ... | CVSS3: 5.3 | 0% Низкий | 5 месяцев назад |
 | openSUSE-SU-2026:20117-1 Security update for cockpit-subscriptions | 0% Низкий | 2 месяца назад | |
| openSUSE-SU-2026:20251-1 Security update for cockpit-repos | около 2 месяцев назад |
Уязвимостей на страницу