Vulnerabilities: 2 via 2 paths

Dependencies: 202

Source: GitHub

Commit: release


medium severity (new)

Inefficient Algorithmic Complexity

  • Vulnerable module: js-yaml
  • Introduced through: gray-matter@4.0.3

Detailed paths

  • Introduced through: fepper@electric-eloquence/fepper-npm#release › gray-matter@4.0.3 › js-yaml@3.14.2

Overview

js-yaml is a human-friendly data serialization language.

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair() function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU resources and significantly degrade service availability by submitting malicious YAML documents.

Remediation

Upgrade js-yaml to version 4.2.0 or higher.

low severity

Arbitrary Code Injection

  • Vulnerable module: prismjs
  • Introduced through: prismjs@1.27.0

Detailed paths

  • Introduced through: fepper@electric-eloquence/fepper-npm#release › prismjs@1.27.0
    Remediation: Upgrade to prismjs@1.30.0.

Overview

prismjs is a lightweight, robust, elegant syntax highlighting library.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the document.currentScript lookup process. An attacker can manipulate the web page content and execute unintended actions by injecting HTML elements that overshadow legitimate DOM elements.

Note: This is only exploitable if the application accepts untrusted input containing HTML but not direct JavaScript.

Remediation

Upgrade prismjs to version 1.30.0 or higher.
