Vulnerabilities: 1 via 1 paths

Dependencies: 308

Source: GitHub


high severity

AGPL-3.0 license

  • Module: @pm2/agent
  • Introduced through: pm2@6.0.14

Detailed paths

  • Introduced through: magicmirror@MagicMirrorOrg/MagicMirror > pm2@6.0.14 > @pm2/agent@2.1.1

high severity

AGPL-3.0 license

  • Module: pm2
  • Introduced through: pm2@6.0.14

Detailed paths

  • Introduced through: magicmirror@MagicMirrorOrg/MagicMirror > pm2@6.0.14

medium severity
new

Inefficient Algorithmic Complexity

  • Vulnerable module: js-yaml
  • Introduced through: pm2@6.0.14

Detailed paths

  • Introduced through: magicmirror@MagicMirrorOrg/MagicMirror > pm2@6.0.14 > js-yaml@4.1.1
    Remediation: Upgrade to pm2@7.0.2.

Overview

js-yaml is a JavaScript parser and serializer for YAML, a human-friendly data serialization language.

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair() function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU resources and significantly degrade service availability by submitting malicious YAML documents.

Remediation

Upgrade js-yaml to version 4.2.0 or higher.
